=B7= Security Advisory ==B7
Issue: Cross Site Scripting (XSS) Vulnerability in Web Mail service by
"Walla! Communications LTD"
Discovered Date: 05/10/2006
Author: Tal Argoni, LegendaryZion. [talargoni at gmail.com]
Product Vendor: http://www.walla.co.il/
Walla! Communications LTD Web Mail service is prone to a Cross Site
The vulnerability exists in filter engine, caused by the lack of Input
of malicious Method "Expression()" of Cascading Style Sheets (CSS).
About Cascading Style Sheets (CSS):
Cascading Style Sheets (CSS) is a stylesheet language used to describe the
of a document written in a markup language. Its most common application is
to style web pages written
in HTML and XHTML.
About Expression() Method:
statement without quotations or semicolons. This string can include
other properties on the current page. Array references are not allowed on
properties included in this script.