A new cross-site scripting exploit that enables attackers to steal cookies and access Yahoo email accounts is for sale in an exclusive underground market for $700, less than half of market value according to the hacker. The attack steals session cookies for Yahoo email and could allow an attacker to access the account and read or send messages. The attacker, who goes by the handle TheHell, posted a demo video of the attack. TheHell said such attacks normally go for as much as $1,500.
Source: https://threatpost.com/yahoo-mail-cross-site-scripting-attack-sale-112612/77245/