@Mail Search.HTML HTML Injection Vulnerability
BID:22552
Info
| Bugtraq ID: | 22552 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-0953 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 09 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | Lostmon is credited with the discovery of this vulnerability. |
| Vulnerable: | AtMail @Mail 4.61, AtMail @Mail 4.6, AtMail @Mail 4.51, AtMail @Mail 4.11, AtMail @Mail 4.03 |
| Not Vulnerable: | |
Discussion
@Mail is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Hostile HTML and script code may be injected into vulnerable sections of the application. When viewed, this code may be rendered in the browser of a user viewing a malicious website.
Exploit / POC
Attackers can exploit this issue via a web client.
Solution / Fix
Solution:
The vendor released an update to address this issue. Please see the references for more information.
References
References:
- @Mail Search.pl keywords variable cross-site scripting (Lostmon's Blogger)
- @Mail Homepage (@Mail)