Family: CGI abuses : XSS --> Category: infos
Mailreader Remote HTML Injection Vulnerability Scan
Vulnerability Scan Summary: Checks for a remote HTML injection vulnerability in Mailreader
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote host contains a CGI script that is vulnerable to a cross-site scripting attack.
Description :
According to its banner, the version of Mailreader installed on the remote host is affected by a remote HTML injection vulnerability because it fails to properly sanitize messages that use a 'text/enriched' or 'text/richtext' MIME type. An attacker can exploit this flaw by sending a specially crafted message to a user who reads their mail with Mailreader. When the user reads that message, malicious HTML or script code embedded in it will be executed by the user's browser in the context of the remote host, enabling the attacker to steal authentication cookies and perform other attacks.
See also :
http://www.debian.org/security/2005/dsa-700
Solution :
Upgrade to Mailreader 2.3.36 or later.
Threat Level: Low / CVSS Base Score: 2
(AV:R/AC:H/Au:NR/C:N/A:N/I:P/B:N)