76 matches found
CVE-2017-15727
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting XSS via an HTML attachment...
CVE-2017-15727
The CVE-2017-15727 entry concerns phpMyFAQ prior to 2.9.9, with a Stored Cross-site Scripting (XSS) vulnerability via an HTML attachment. Multiple connected sources (NVD/NVD-derived, CNVD, OSV, CVE lists, and OpenVAS notes) consistently describe that an attacker can inject arbitrary script by upl...
Mail.ru: XSS bypass Script execute,Read any file,execute any javascript code--UXSS
Mail attachment XSS bypass vulnerability--UXSS Vulnerability impact: Mail.Ru Mail for iOS MyMail for iOS explain: Mail app supports HTML attachments, however,Cannot execute javascript. for example alert/xss/ These statements can not be executed in the html attachments...LOL However, the addition ...
CVE-2017-5223
An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML method applies transformations to an HTML document to make it usable as an email message body. One of the transformations is to convert relative image URLs into attachments using a script-provided base directory. If no base...
Open-Xchange: OX (Guard): Stored Cross-Site Scripting via Email Attachment
Summary Improper handling of email attachments by "OX Guard" causes a Stored Cross-Site Scripting XSS vulnerability inside the OX "Mail" module. Injected code will be executed when the victim opens the HTML attachment of a decrypted email by using the "Open in browser" link/button. Proof of Conce...
Yahoo Fixes Trio of Bugs in Mail, Messenger, Flickr
Yahoo recently patched three remotely exploitable vulnerabilities in its services that could have let attackers inject malicious script and led to session hijacking, phishing, among other nefarious tricks. The vulnerabilities in Yahoo Mail, Messenger and its Flickr photo-sharing site qualified fo...
iPlanet Messaging Server 5.0/5.1 HTML Attachment Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7704/info It has been reported that iPlanet Messaging Server may be prone to cross-site scripting attacks. The problem is said to occur while processing HTML attachments received via e-mail. If successfully exploited, a...
Microsoft Outlook 5.5/2000 Web Access HTML Attachment Script Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8113/info OWA contains a vulnerability that may result in attacker-supplied script code executing within the context of the mail interface when processing e-mail containing HTML message attachments. It is possible to...
Cross site scripting
Cross-site scripting XSS vulnerability in MyBB MyBulletinBoard 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment...
E107 + IPB XSS Exploit
E107 + IPB XSS Exploit memo Works on e107 and IPB "maybe others like xoops not yet tested" An XSS vulnerability allowed users to inject code When posting a html attachment tested succesfully on ipb 1.0.3 all the vers should be vuln tested on e107 6. Patch none yet, workround. disalow .html as...
CVE-2005-2176
Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies...
CVE-2005-2176
Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies...
Lotus Notes mail server crossite scripting
HTML attachment content is not filtered in Web interface...
HastyMail HTML Attachment Content-Disposition Header XSS
Binary data 2167.prm...
HastyMail HTML Attachment Script Execution
The remote host is running HastyMail, a PHP-based mail client application. The installed version contains a flaw caused by email attachments not being properly defined int he Content-Disposition HTTP header. An attacker could exploit this flaw to inject Javascript or ActiveX code in an attachment...
Microsoft Outlook Express for MacOS HTML Attachment Automatic Download Vulnerability
Binary data 1293.prm...