3 matches found
Matt Wright FormMail Multiple cross-site scripting (XSS) vulnerabilities (CVE-2009-1776; CVE-2009-1777)
FormMail is prone to an HTTP-response-splitting vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user, steal...
CVE-2009-1776
Multiple cross-site scripting XSS vulnerabilities in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via javascript: URIs in the 1 request and 2 returnlinkurl parameters...
CVE-2009-1776
CVE-2009-1776 affects Matt Wright FormMail’s FormMail.pl (FormMail 1.92 and possibly earlier). The vulnerability allows cross-site scripting via javascript: URIs in the (1) request and (2) return_link_url parameters, enabling remote attackers to inject arbitrary script/HTML in victims’ browsers. ...