Exploit Kerio MailServer 5.0/5.1 Web Mail - Multiple Cross-Site Scripting Vulnerabilities

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
21728
Проверка EDB
  1. Пройдено
Автор
ABRAHAM LINCOLN
Тип уязвимости
WEBAPPS
Платформа
CGI
CVE
cve-2002-1434
Дата публикации
2002-08-19
Код:
source: https://www.securityfocus.com/bid/5507/info

Reportedly, Kerio Mailserver is vulnerable to cross site scripting attacks. The vulnerability is present in Kerio Mailserver's web mail component.

An attacker may exploit this vulnerability by causing a victim user to follow a malicious link. Exploitation may result in the compromise of authentication data, or in script code taking actions as the authenticated user.

*** The vendor has stated that this is not a vulnerability. 

*** Proof of concept has been provided.

http://keriowebmail/<script>alert('THisIsREAL0wned')</script>
http://keriowebmail/passwd<script>alert('VERYVULNERABLE')</script>
 
Источник
www.exploit-db.com

Похожие темы