IlohaMail user Parameter XSS

2003-12-01T05:07:19
ID OSVDB:2879
Type osvdb
Reporter OSVDB
Modified 2003-12-01T05:07:19

Description

Vulnerability Description

IlohaMail contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the "user" parameter upon submission. This could allow a user to send a specially crafted request that would execute arbitrary code on the server, leading to a loss of integrity.

Solution Description

Upgrade to version 0.8.12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.ilohamail.org
Secunia Advisory ID: 10320
ISS X-Force ID: 13872
Bugtraq ID: 9131