- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 26001
- Проверка EDB
-
- Пройдено
- Автор
- FRANCISCO AMATO
- Тип уязвимости
- WEBAPPS
- Платформа
- JAVA
- CVE
- cve-2005-2276
- Дата публикации
- 2005-07-15
Код:
source: https://www.securityfocus.com/bid/14310/info
Novell GroupWise WebAccess is prone to an HTML injection vulnerability. This may be used to inject hostile HTML and script code into the Web mail application. When a user opens an email containing the hostile code, it may be rendered in their browser.
Successful exploitation could potentially allow theft of cookie-based authentication. Other attacks are also possible.
<IMG SRC="jAvascript:alert(document.cookie)">- Источник
- www.exploit-db.com
