Skype Cross Site Vulnerabilities, user accounts can be Hijacked
The independent security researcher Ucha Gobejishvili has detected a cross site scripting (XSS) vulnerabilities affecting shop.skype.com and api.skype.com.
According to a blog post on 1337 Blog, the XSS flaw discovered on these sites could allow an attacker to hijack cookies if he manages to convince the potential victim to click on a specially designed link. If exploited successfully, a hacker could hijack the user’s session and even steal his/her account.
Skype has been informed of the vulnerabilities and is currently investigating. Other XSS discovered by him are listed here.