|
|
Family: CGI abuses : XSS --> Category: attack
SqWebMail HTTP Response Splitting Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for HTTP response splitting vulnerability in SqWebMail
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a CGI script that is affected by a
cross-site scripting flaw.
Description :
The remote host is running a version of SqWebMail that does not
properly sanitize user-supplied input through the 'redirect'
parameter. A possible hacker can exploit this flaw to inject arbitrary HTML
and script code into a user's browser to be executed within the
context of the affected web site. Such attacks could lead to session
cookie and password theft for users who read mail with SqWebMail.
See also :
http://archives.neohapsis.com/archives/bugtraq/2005-04/0440.html
Solution :
Unknown at this time.
Risk factor:
Low / CVSS Base Score : 2
(AV:R/AC:H/Au:NR/C:N/A:N/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
