- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 31697
- Проверка EDB
-
- Пройдено
- Автор
- ARIA-SECURITY TEAM
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-1974
- Дата публикации
- 2008-04-23
Код:
source: https://www.securityfocus.com/bid/28898/info
Horde Webmail is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.
This issue affects Kronolith 2.1.7. The vulnerable Kronolith versions are included in Horde Groupware 1.0.5 and Horde Groupware Webmail Edition 1.0.6.
http://www.example.com/horde/kronolith/addevent.php?timestamp=1208932200&url=[xss]- Источник
- www.exploit-db.com
