A researcher says he has discovered yet another critical cross-site scripting (XSS) vulnerability in Yahoo Mail. The recently patched flaw could have been exploited to steal the targeted user’s emails and attach malicious code to their outgoing messages.

https://www.securityweek.com/researcher-earns-10000-another-xss-flaw-yahoo-mail