The independent security researcher Ucha Gobejishvili has detected a cross site scripting (XSS) vulnerabilities affecting shop.skype.com and api.skype.com.

Upon successful exploitation the vulnerability allows an attacker to hijack cookies via required user interaction, leading to complete session hijacking and stealing of the account.

Skype has been informed of the vulnerabilities and is currently investigating.