According to a recent report, Finnish researcher Jouko Pynnönen discovered a cross-site scripting (XSS) vulnerability affecting Yahoo! Mail. This was the third time for Pynnönen to report an XSS flaw with Yahoo!. He discovered the flaw in December 2018, which he then reported to Yahoo!. In January, Yahoo! fixed the flaw and acknowledged Pynnönen’s efforts with a bug bounty of $10,000.
Read more about it here.