Cross Site Scripting vulnerabilities exist in the e-mail web services of hotmail.com, yahoo.com, and excite.com. These problems allow for cookie capturing of unsuspecting victims who may easily give up their cookies via clicking on a link in an e-mail or elsewhere and with the link actually pointing to the legitimate site.
0e1d0d54940384d01ff7c3049f87a8a7e2540acdafd2a17cb783e60afe5122f5