September 23, the researchers reported to Yahoo security team of XSS vulnerabilities affecting the ecom.yahoo.com and adserver.yahoo.com domains.
The Yahoo security flaw accordingly can allow hackers to compromise any “@yahoo.com” email account and what required is only clicking a specially-crafted link received in an email.
Eventually, the security flaw was fixed by Yahoo security team. The best part there, security researchers from “High Tech Bridge” received a reward as part of Yahoo’s bug bounty program.
A meager $12.5! Another worth noting, the reward can only be used in “Yahoo Company Store.”
The vulnerabilities are all patched as of now.