- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 34773
- Проверка EDB
-
- Пройдено
- Автор
- MORITZ NAUMANN
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2010-3695
- Дата публикации
- 2010-09-27
Horde IMP Webmail 4.3.7 - 'fetchmailprefs.php' HTML Injection
Код:
source: https://www.securityfocus.com/bid/43515/info
Horde IMP Webmail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data before it is used in dynamic content.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
Horde IMP 4.3.7 is affected; other versions may also be vulnerable.
http://www.example.com/path/fetchmailprefs.php?actionID=fetchmail_prefs_save&fm_driver=imap&fm_id=zzz%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E%3Cx+y%3D%22&fm_protocol=pop3&fm_lmailbox=INBOX&save=Create- Источник
- www.exploit-db.com
