logo
DATABASE RESOURCES PRICING ABOUT US

MailEnable ForgottenPassword.aspx Username Parameter XSS

Description

The webmail client bundled with MailEnable is affected by a cross-site scripting vulnerability in the ForgottenPassword.aspx script. The 'Username' parameter fails to properly sanitize user- supplied input. Successful exploitation would allow an attacker to steal cookies used for webmail access.


Related