Secunia Advisory: SA10370
Release Date: 2003-12-08
Critical: Moderately critical
Impact: Cross Site Scripting
Where: From remote
Software: Yahoo! Messenger 5.x
Description:
A vulnerability has been reported in Yahoo! Messenger, which can be exploited by malicious people to conduct Cross-Site Scripting attacks.
The vulnerability is caused due to missing input validation when generating an error reply containing the name of an invalid IMVironment.
This can be exploited via a malicious web page to execute arbitrary HTML or script code on a user's system in the context of Yahoo! Messenger by including it in a specially crafted URI using the "ymsgr:" URI handler.
http://www.secunia.com/advisories/10370/

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic