Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: CGI abuses : XSS --> Category: infos

Mailreader Remote HTML Injection Vulnerability Scan


Vulnerability Scan Summary
Checks for remote HTML injection vulnerability in Mailreader

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote host contains a CGI script that is vulnerable to a cross-
site scripting attack.

Description :

According to its banner, the version of Mailreader installed on the
remote host is affected by a remote HTML injection vulnerability due
to its failure to properly sanitize messages using a 'text/enriched'
or 'text/richtext' MIME type. An attacker can exploit this flaw by
sending a specially crafted message to a user who reads their mail with
Mailreader. Then, when the user reads that message, malicious HTML or
script code embedded in the message will be run by the user's browser
in the context of the remote host, enabling the attacker to steal
authentication cookies as well as perform other attacks.
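
The kind of sanitization the description says is missing can be sketched as follows. This is an added example, not Mailreader's code or the scanner's check: it renders a 'text/enriched' body (RFC 1896 syntax) to HTML by escaping all literal text and emitting only a fixed set of tags. The function name and the chosen command subset are assumptions of the example.

```python
import html
import re

# Assumption of this example: only these text/enriched formatting commands
# are rendered, each mapped to a fixed HTML tag with no attributes.
ALLOWED = {"bold": "b", "italic": "i", "underline": "u",
           "fixed": "tt", "excerpt": "blockquote"}

# A token is the "<<" escape, a command such as <bold> or </bold>,
# a run of literal text, or a stray "<" that starts no valid command.
TOKEN = re.compile(r"<<|<(/?)([A-Za-z0-9-]{1,60})>|[^<]+|<")

def enriched_to_html(body: str) -> str:
    """Render a text/enriched body as HTML without passing markup through."""
    out = []          # HTML fragments in output order
    open_tags = []    # stack of HTML tags currently open
    param_depth = 0   # > 0 while inside <param>...</param>
    for m in TOKEN.finditer(body):
        tok = m.group(0)
        name = (m.group(2) or "").lower()
        closing = m.group(1) == "/"
        if name == "param":
            param_depth = max(0, param_depth + (-1 if closing else 1))
        elif param_depth:
            continue                  # parameter data is never rendered
        elif name in ALLOWED:
            tag = ALLOWED[name]
            if not closing:
                open_tags.append(tag)
                out.append(f"<{tag}>")
            elif open_tags and open_tags[-1] == tag:
                open_tags.pop()       # emit a close only for a matching open
                out.append(f"</{tag}>")
        elif name:
            continue                  # unknown command: dropped, never echoed
        else:
            literal = "<" if tok == "<<" else tok
            out.append(html.escape(literal, quote=True))
    out.extend(f"</{t}>" for t in reversed(open_tags))  # balance the output
    return "".join(out)
```
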

See also :

http://www.debian.org/security/2005/dsa-700

Solution :

Upgrade to Mailreader 2.3.36 or later.

Threat Level:

Low / CVSS Base Score : 2
(AV:R/AC:H/Au:NR/C:N/A:N/I:P/B:N)


VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051
