Open WebMail Multiple Cross-Site Scripting Vulnerabilities
BID:25175
Info
| Bugtraq ID: | 25175 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-4172 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 02 2007 12:00AM |
| Updated: | May 07 2015 05:36PM |
| Credit: | r0t is credited with the discovery of this vulnerability. |
| Vulnerable: | Open Webmail Open Webmail 2.5.2 20060821 |
| Not Vulnerable: | Open Webmail Open Webmail 2.5.3 |
Discussion
Open WebMail is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Exploit / POC
An attacker can exploit these issues by enticing an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
Reports indicate that these issues were addressed in Open WebMail 2.5.3. Symantec has not verified this information.
References
References:
- Open Webmail Homepage (Open Webmail)
- OpenWebMail Multiple XSS vuln. (r0t)