Nitesh Dhanjani – Yahoo! Susceptible to Cross Site Request Forgery (XSRF) Attacks:
„It is possible for malicious sites to add or delete arbitrary Yahoo! calendar entries. The following HTML on a malicious site will add a Task and Event to the victim’s Yahoo! calendar.“