Hastymail2 'ajax.php' Cross Site Scripting Vulnerability
BID:50708
Info
Hastymail2 'ajax.php' Cross Site Scripting Vulnerability
| Bugtraq ID: | 50708 |
| Class: | Input Validation Error |
| CVE: |
CVE-2011-4541 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 17 2011 12:00AM |
| Updated: | Nov 30 2011 06:36PM |
| Credit: | Bruno Teixeira |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Hastymail2 'ajax.php' Cross Site Scripting Vulnerability
Hastymail2 is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Hastymail2 1.1 RC1 is vulnerable; other versions may also be affected.
Hastymail2 is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Hastymail2 1.1 RC1 is vulnerable; other versions may also be affected.
Exploit / POC
Hastymail2 'ajax.php' Cross Site Scripting Vulnerability
To exploit the issue, an attacker must entice an unsuspecting victim to follow a malicious URI.
To exploit the issue, an attacker must entice an unsuspecting victim to follow a malicious URI.
Solution / Fix
Hastymail2 'ajax.php' Cross Site Scripting Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
Hastymail2 'ajax.php' Cross Site Scripting Vulnerability
References:
References:
- Hastymail2 1.1 RC2 Now Available (Hastymail)
- Hastymail2 1.1 RC2 Stable released November 10 2011, addresses two security issu (Hastymail)
- Hastymail2 Homepage (Hastymail)