Homepage:
http://www.tempinbox.com
Effected files:
checkmail.pl
Description:
Tempinbox.com is a free throw away, no sending email service. You enter an account name and you can
instantly check email.
XSS Vulnerability:
It seems the title of emails and subjects are not sanatized, so if a user was to put <IMG
SRC=javascript:alert('XSS')> as a title or subject of aemail, and then someone went to view it, an XSS
attack could occur.