|
Family: CGI abuses : XSS --> Category: attack
Open WebMail Logindomain Parameter Cross-Site Scripting Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks for logindomain parameter cross-site scripting vulnerability in Open WebMail
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote webmail server is affected by a cross-site scripting flaw.
Description :
The remote host is running at least one instance of Open WebMail that
fails to sufficiently validate user input supplied to the 'logindomain'
parameter. This failure enables a possible hacker to run arbitrary script
code in the context of a user's web browser.
See also :
http://openwebmail.org/openwebmail/download/cert/advisories/SA-05:01.txt
Solution :
Upgrade to Open WebMail version 2.50 20040212 or later.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|