|
Family: CGI abuses : XSS --> Category: infos
SurgeMail <= 3.0c2 Multiple Cross-Site Scripting Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Checks for multiple vulnerabilities in SurgeMail <= 3.0c2
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote mail server is vulnerable to multiple cross-site scripting
vulnerabilities.
Description :
According to its banner, the remote host is running SurgeMail version
3.0c2 or earlier. These versions reportedly are prone to multiple
cross-site scripting issues, which a possible hacker could exploit to inject
arbitrary HTML and script code into a user's browser to be processed
within the context of the affected website.
See also :
http://www.netwinsite.com/surgemail/help/updates.htm
Solution :
Upgrade to SurgeMail 3.2e1 or later.
Threat Level:
Low / CVSS Base Score : 2
(AV:R/AC:H/Au:NR/C:N/A:N/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|