Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service.Referenceshttp://securityreason.com/securityalert/1626http://www.securityfocus.com/archive/1/446414/100/0/threadedhttp://advisories.echo.or.id/adv/adv47-theday-2006.txt
