The vulnerability is due to a lack of input validation and output sanitization of the profile entries for home, office and mobile number, says the researcher, but Skype has denied that the vulnerability exists.
But, according to The Register, the researcher insists on the veracity of his findings: "First of all, they use HTML to embed all entries in Skype user's profile. The 'parser' is not validating the input, so I was able to inject HTML code (any HTML tags are possible)."
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.