Alt-N MDaemon Email Body HTML Injection Vulnerability
BID:58070
Info
Alt-N MDaemon Email Body HTML Injection Vulnerability
| Bugtraq ID: | 58070 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 18 2013 12:00AM |
| Updated: | Mar 19 2015 08:09AM |
| Credit: | QSecure and Demetris Papapetrou |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Alt-N MDaemon Email Body HTML Injection Vulnerability
MDaemon is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
Successful exploits will allow attacker-supplied HTML or Javascript code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
MDaemon 13.0.3 and prior versions are vulnerable.
MDaemon is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.
Successful exploits will allow attacker-supplied HTML or Javascript code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.
MDaemon 13.0.3 and prior versions are vulnerable.
Exploit / POC
Alt-N MDaemon Email Body HTML Injection Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
Alt-N MDaemon Email Body HTML Injection Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Alt-N MDaemon Email Body HTML Injection Vulnerability
References:
References:
- Alt-N Homepage (Alt-N)
- Alt-N MDaemon Email Body HTML/JS Injection Vulnerability (QSECURE)
- MDaemon Server v13 Release Notes (Alt-N Technologies)