- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 39015
- Проверка EDB
-
- Пройдено
- Автор
- ZHAO LIANG
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2013-6017
- Дата публикации
- 2014-01-14
Atmail Webmail Server - Email Body HTML Injection
Код:
source: https://www.securityfocus.com/bid/64779/info
Atmail Webmail Server is prone to an HTML-injection vulnerability.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
Atmail 7.1.3 is vulnerable; others versions may also be affected.
<iframe width=0 height=0 src="javascript:alert('xss in main body')">- Источник
- www.exploit-db.com
