Security experts say that Yahoo's HotJobs site was vulnerable to a phishing-based attack that can give an attacker access to a Yahoo member's mail and other personal accounts,

British network service firm, Netcraft, said someone had been taking advantage of the hole to attack users. The hacker has been using a bogus e-mail masquerading as a legitimate message from a company, in this case Yahoo HotJobs.

Clicking on a link that includes specially formatted JavaScript code can cause the Web site to run a program because of a cross-site scripting vulnerability.

Netcraft said that the script steals the authentication cookies that are sent for the yahoo.com domain and passes them to a different Website in the United States, where the attacker is harvesting stolen authentication details.

Yahoo said the hole has been fixed now.