@Mail printcal.pl Multiple Variable XSS

2005-07-28T12:33:49
ID OSVDB:18337
Type osvdb
Reporter Lostmon Lords(Lostmon@gmail.com)
Modified 2005-07-28T12:33:49

Description

Vulnerability Description

@Mail contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'year' or 'type' variables upon submission to the printcal.pl script. This could allow an attacker to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Calacode has released a patch for version 4.11 that addresses this vulnerability.

Short Description

@Mail contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'year' or 'type' variables upon submission to the printcal.pl script. This could allow an attacker to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/printcal.pl?year=[XSS-CODE]&month=11&type=4
http://[victim]/printcal.pl?year=&month=11&type=4[XSS-CODE]
http://[victim]/printcal.pl?type=4[XSS-CODE]
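The defect described above is request parameters reflected into HTML without validation or encoding. The following is an added example, written in Python as a model of the pattern rather than the Perl code of printcal.pl itself; the valid shapes assumed for 'year' (four digits) and 'type' (a single digit) and the log-checking helper suspicious_params are assumptions, not details from the advisory.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Assumed allow-lists; the advisory does not state the valid ranges.
YEAR_RE = re.compile(r"\d{4}")
TYPE_RE = re.compile(r"[1-9]")


def render_unsafe(year: str, cal_type: str) -> str:
    """Vulnerable pattern: parameters copied verbatim into the page, both in
    an element body and inside a single-quoted attribute value."""
    return (f"<h1>Calendar for {year}</h1>"
            f"<input type='hidden' name='type' value='{cal_type}'>")


def render_safe(year: str, cal_type: str) -> str:
    """Hardened pattern: allow-list each parameter, then HTML-encode on output.
    html.escape with quote=True also encodes ' and \" so the attribute
    context is covered even if a future change relaxes the allow-list."""
    if not YEAR_RE.fullmatch(year):
        raise ValueError("year must be exactly four digits")
    if not TYPE_RE.fullmatch(cal_type):
        raise ValueError("type must be a single digit 1-9")
    return (f"<h1>Calendar for {html.escape(year, quote=True)}</h1>"
            f"<input type='hidden' name='type' "
            f"value='{html.escape(cal_type, quote=True)}'>")


def suspicious_params(url: str) -> dict[str, list[str]]:
    """Detection helper for access logs (hypothetical): return the query
    parameters whose value contains markup characters that have no place
    in a numeric calendar selector."""
    markup = re.compile(r"[<>\"'&]")
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {k: v for k, v in qs.items() if any(markup.search(x) for x in v)}


if __name__ == "__main__":
    # Constructed, harmless markup standing in for the advisory's [XSS-CODE].
    probe = "2005<b>x</b>"
    print(render_unsafe(probe, "4"))          # markup reaches the browser
    try:
        render_safe(probe, "4")
    except ValueError as err:
        print("rejected:", err)
    url = "http://example.invalid/printcal.pl?year=" + probe + "&month=11&type=4"
    print(suspicious_params(url))             # {'year': ['2005<b>x</b>']}
```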

References:

Vendor URL: http://www.atmail.com/
Secunia Advisory ID: 16252
Related OSVDB ID: 18339
Related OSVDB ID: 18338
Related OSVDB ID: 18340
Other Advisory URL: http://lostmon.blogspot.com/2005/07/mail-multiple-variable-cross-site.html