Atmail Webmail Multiple Security vulnerabilities
BID:69715
Info
| Bugtraq ID: | 69715 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 08 2014 12:00AM |
| Updated: | Sep 08 2014 12:00AM |
| Credit: | smash |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Atmail Webmail is prone to the following security vulnerabilities:
1. Multiple cross-site scripting vulnerabilities
2. Multiple HTML-injection vulnerabilities
3. An information-disclosure vulnerability
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials or allow the attacker to obtain sensitive information that can aid in launching further attacks.
Exploit / POC
An attacker can use a Web browser to exploit these issues. To exploit a cross-site scripting vulnerability, an attacker must entice an unsuspecting user to follow a malicious URI.
Solution / Fix
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].