|
Family: CGI abuses : XSS --> Category: infos
InMail/InShop XSS Vulnerability Scan
Vulnerability Scan Summary Checks XSS in InMail and InShop
Detailed Explanation for this Vulnerability Test
The remote host is using InMail/InShop, a web applications written in Perl.
An implementation error in the validation of the user input specifically in
the script 'inmail.pl' in its 'acao' uri-argument and 'inshop.pl' in its
'screen' uri argument lead to an XSS vulnerability allowing a user to create
cross site attacks, also allowing theft of cookie-based authentication
credentials.
Solution : None at this time
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|