4 matches found
CVE-2018-9330
The provided sources confirm a stored XSS vulnerability in Coremail XT3.0 (register.jsp), specifically via the third form field in a URI under register/. The OpenVAS entry refers to Coremail XT <= 3.0 Stored XSS Vulnerability, implying impact on older XT3.0 deployments. The NVD/NVD-derived ent...
CVE-2015-6942
Cross-site scripting XSS vulnerability in Coremail XT3.0 allows remote attackers to inject arbitrary web script or HTML via a hyperlink in a document attachment...
CVE-2015-6942
CVE-2015-6942 is an XSS vulnerability in Coremail XT3.0, where a hyperlink embedded in a document attachment can execute arbitrary script when the recipient previews the attachment. Public details indicate a stored XSS scenario via a hyperlink in the attachment, aligning with the Coremail XT3.0 c...
Coremail一处存储型跨站脚本(有触发条件)
简要描述: Coremail一处存储型跨站脚本漏洞,已申请CVE编号:CVE-2015-6942 详细说明: 影响版本:XT3.0 其他版本未测试 测试步骤: 1.首先创建一个带有超链接的doc文档,超链接为"javascript:alert" 2.创建一封邮件并上传附件,然后发送给需要攻击的用户可发送给任意用户。 3.受害者如果在WebMail里打开邮件并在线预览doc文档时,点击超链接,即可执行攻击代码。 4.重新将文档中的超链接换成location.href方式获取Cookie的超连接的即可...