Mailreader Remote HTML Injection Vulnerability
| Bugtraq ID: | 12945 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-0386 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 30 2005 12:00AM |
| Updated: | Jul 12 2009 11:56AM |
| Credit: | Ulf Harnhammar is credited with the discovery of this issue. |
| Vulnerable: | Mailreader.com Mailreader.com 2.3.29 |
| Not Vulnerable: | |
Discussion
A remote HTML injection vulnerability affects Mailreader. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Exploit / POC
No exploit is required to leverage this issue.
Solution / Fix
Solution:
Debian Linux has released an advisory (DSA 700-1) dealing with this issue. Please see the referenced advisory for more information.
Mailreader.com Mailreader.com 2.3.29
Debian mailreader_2.3.29-5woody2_all.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailreader/mailreader_2.3.29-5woody2_all.deb