|
Family: CGI abuses : XSS --> Category: infos
IlohaMail Email Message Cross-Site Scripting Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Checks for email message cross-site scripting vulnerabilities in IlohaMail
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is subject to
cross-site scripting attacks.
Description :
Based on its version number, the installation of IlohaMail on the
remote host does not properly sanitize attachment file names, MIME
media types, and HTML / text e-mail messages. A possible hacker can exploit
these vulnerabilities by sending a specially-crafted message to a user
which, when read using an affected version of IlohaMail, will allow
him to execute arbitrary HTML and script code in the user's browser
within the context of the affected web site.
See also :
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=304525
Solution :
Upgrade to IlohaMail version 0.8.14-rc3 or newer.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:H/Au:NR/C:N/A:N/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|