Lucene search

K
seebugRootSSV:75839
HistoryJul 01, 2014 - 12:00 a.m.

Mhonarc 2.5.x Mail Header HTML Injection Vulnerability

2014-07-0100:00:00
Root
www.seebug.org
10

No description provided by source.


                                                source: http://www.securityfocus.com/bid/6204/info

A HTML injection vulnerability has been discovered in Mhonarc.

An attacker may exploit this issue by sending a specially constructed email containing malicious HTML code in the header section. When the vulnerable Mhonarc client converts the message to HTML, any malicious HTML code will be executed within the context of the displayed web page.

To: <[email protected]>
From: <[email protected]>
Header<SCRIPT>hello</SCRIPT>def: whatever