@Mail task.pl func Variable XSS

2005-07-28T12:33:49
ID OSVDB:18338
Type osvdb
Reporter Lostmon Lords(Lostmon@gmail.com)
Modified 2005-07-28T12:33:49

Description

Vulnerability Description

@Mail contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'func' variable upon submission to the task.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
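The pattern described above (a request parameter echoed into the page without validation) and its fix, shown as an added Perl example that is not @Mail's or Calacode's own code. Only the parameter name 'func', the script name task.pl and the value 'todo' come from this record; the allow-list contents, the function names and the sample input are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not @Mail's code: a minimal handler in the style of a
# CGI script, showing the vulnerable pattern (an unvalidated 'func'
# parameter reflected into HTML) beside a hardened version that uses an
# allow-list and HTML-escapes anything it echoes back. Names other than
# 'func', 'task.pl' and 'todo' are assumptions for this illustration.
use strict;
use warnings;

# Hypothetical set of actions task.pl is expected to accept.
my %ALLOWED_FUNC = map { $_ => 1 } qw(todo calendar notes);

# Vulnerable: the raw parameter value is placed in the page unmodified,
# so any markup in task.pl?func=todo... is rendered by the browser.
sub render_vulnerable {
    my ($func) = @_;
    return "<h1>Task: $func</h1>";
}

# Minimal HTML escaping of the characters that can start or end markup.
sub html_escape {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    return $s;
}

# Hardened: reject anything outside the allow-list, and escape the value
# before echoing it so that even the rejection message carries no markup.
sub render_hardened {
    my ($func) = @_;
    $func = '' unless defined $func;
    unless ($ALLOWED_FUNC{$func}) {
        return "<h1>Unknown task: " . html_escape($func) . "</h1>";
    }
    return "<h1>Task: $func</h1>";   # value is one of our own literals
}

# Demonstration with a constructed, harmless input carrying stray markup.
my $input = 'todo<b>injected</b>';
print "vulnerable: ", render_vulnerable($input), "\n";
print "hardened:   ", render_hardened($input), "\n";
print "hardened:   ", render_hardened('todo'), "\n";
```

Run it with `perl task_demo.pl`: the vulnerable line prints the `<b>` tag intact, while the hardened line prints `&lt;b&gt;` and only a known action name ever reaches the page unescaped. Validating against a short allow-list is preferable to a deny-list of dangerous characters, because the set of legitimate values for 'func' is small and fixed while the set of browser-parsable markup is not.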

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Calacode has released a patch for version 4.11 to address this vulnerability.

Short Description

@Mail contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'func' variable upon submission to the task.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Manual Testing Notes

http://[victim]/task.pl?func=todo[XSS-CODE]

References:

Vendor URL: http://www.atmail.com/
Secunia Advisory ID: 16252
Related OSVDB ID: 18339
Related OSVDB ID: 18337
Related OSVDB ID: 18340
Other Advisory URL: http://lostmon.blogspot.com/2005/07/mail-multiple-variable-cross-site.html