CVE-2012-2586

Multiple cross-site scripting XSS vulnerabilities in Mailtraq 2.17.3.3150 allow remote attackers to inject arbitrary web script or HTML via an e-mail message subject with 1 a JavaScript alert function used in conjunction with the fromCharCode method or 2 a SCRIPT element; an e-mail message body...

Cross site scripting

Cross-site scripting XSS vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message...

CVE-2012-2575

Cross-site scripting XSS vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message...

CVE-2012-2575

NetWin SurgeMail 6.0a4 is affected by a Cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message. This is triggered by HTML emails, enabling script execution in som...

CVE-2012-2571

Multiple cross-site scripting XSS vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...

CVE-2012-2585

Multiple cross-site scripting XSS vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the...

CVE-2012-2587

Multiple cross-site scripting XSS vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of 1 an IFRAME element or 2 a SCRIPT element...

CVE-2012-2573

Multiple cross-site scripting XSS vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of 1 an IFRAME element or 2 a SCRIPT element...

CVE-2012-2571

Multiple cross-site scripting XSS vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted SRC attribute of an IFRAME element, 3 a crafted CONTENT attribute of an...

CVE-2012-2571

Multiple cross-site scripting XSS vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...

CVE-2012-2587

Multiple cross-site scripting XSS vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of 1 an IFRAME element or 2 a SCRIPT element...

CVE-2012-2590

Multiple cross-site scripting XSS vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted SRC attribute of an IFRAME element, 3 a crafted CONTENT attribute of an...

PT-2012-4111

Name of the Vulnerable Software and Affected Versions WinWebMail Server version 3.8.1.6 Description The issue allows remote attackers to inject arbitrary web script or HTML via an e-mail message body using various methods, including a SCRIPT element, crafted Cascading Style Sheets CSS expressions...

Surgemail 6.0a4 - Persistent Cross-Site Scripting

Surgemail 6.0a4 - Persistent Cross-Site Scripting !/usr/bin/python ''' Author: loneferret of Offensive Security Product: SurgeMail Version: 6.0a4 Vendor Site: http://www.netwinsite.com Software Download: http://netwinsite.com/download.htm Timeline: 29 May 2012: Vulnerability reported to CERT 30 M...

Surgemail 6.0a4 - Persistent Cross-Site Scripting

!/usr/bin/python ''' Author: loneferret of Offensive Security Product: SurgeMail Version: 6.0a4 Vendor Site: http://www.netwinsite.com Software Download: http://netwinsite.com/download.htm Timeline: 29 May 2012: Vulnerability reported to CERT 30 May 2012: Response received from CERT with disclosu...