Researcher Ucha Gobejishvili recently uncovered major XSS vulnerabilities in the Web sites for the Skype Shop and the Skype API.
"According to a blog post on 1337 Blog, the expert’s personal site, the XSS flaw discovered on these sites could allow an attacker to hijack cookies if he manages to convince the potential victim to click on a specially designed link," writes Softpedia's Eduard Kovacs. "If exploited successfully, a hacker could hijack the user’s session and even steal his/her account."
"The vulnerabilities have been reported to Skype and the company’s representatives redirected it to Microsoft’s Security Response Center (MSRC), which now handles certain problems found in Skype," Kovacs writes.
Go to "XSS Flaw in Skype Shop May Allow Hackers to Steal User Accounts" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.