Nitesh Dhanjani - Yahoo! Susceptible to Cross Site Request Forgery (XSRF) Attacks:

"It is possible for malicious sites to add or delete arbitrary Yahoo! calendar entries. The following HTML on a malicious site will add a Task and Event to the victim’s Yahoo! calendar."