Family: CGI abuses : XSS --> Category: infos
IlohaMail Email Header HTML Injection Vulnerability - Vulnerability Scan
Vulnerability Scan Summary
Checks for Email Header HTML Injection vulnerability in IlohaMail
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script which is vulnerable to a cross site
The target is running at least one instance of IlohaMail version
0.8.12 or earlier. Such versions do not properly sanitize message
headers, leaving users vulnerable to XSS attacks. For example, a
session cookie and thereby gain access to that user's account.
Upgrade to IlohaMail version 0.8.13 or later.
Low / CVSS Base Score : 3