Security researcher Shahin Ramezany has managed to exploit the XSS on the same place again after company claimed to patch the vulnerability. He showed how attackers can convince the victim to click on a link with malicious code and then give up the account.
Yahoo officials has nothing to say about this after the vulnerability has been reproduced. But I am advising all readers not to click on any kind of suspicious links coming in the emails.
Here is the POC of the vulnerability and attack. See the demo video: