Exploit Mirapoint Web Mail - 'Expression()' HTML Injection

[Exploiter]

EDB-ID

28891

Проверка EDB

1. Пройдено

Автор

LEGENDARYZION

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2006-5712

Дата публикации

2006-10-31

source: https://www.securityfocus.com/bid/20840/info

Mirapoint Web Mail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to execute arbitrary JavaScript in the victim's browser.

<IMG style="width: expression(alert('expression'));">