Vendor: FTGatePro Mail Server
By: SecurityFocus
CVSS: 3.3 (MEDIUM)
Type: Cross-Site Scripting
CWE: 79
Product Name: FTGatePro Mail Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

FloosieTek FTGatePro Mail Server Cross-Site Scripting Vulnerability

FloosieTek FTGatePro Mail Server is prone to a cross-site scripting vulnerability. A remote attacker could exploit this issue by enticing a legitimate user of the mail server to follow a malicious link with embedded HTML and script code. The attacker-supplied code would potentially be rendered in the user's browser when the link is followed. This issue exists in the web administrative interface, which listens on port 8089 by default.

Mitigation:

Ensure that user input is properly sanitized and filtered before being used in the application.
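
One way to apply this mitigation to the href parameter of the help page, as an added example that is not FTGatePro code or part of the original advisory. It assumes help topics are plain page names and that the value ends up in a frame's src attribute; the function names, the topic pattern and the default page are hypothetical.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate help topic is a plain page name such as "intro.htm".
SAFE_TOPIC = re.compile(r"[A-Za-z0-9_-]{1,64}\.html?")


def safe_help_href(url):
    """Return the href value if it is a single, well-formed topic name, else None."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    values = query.get("href", [])
    if len(values) != 1:
        # Missing or repeated parameter: refuse rather than guess which one to use.
        return None
    # parse_qs has already percent-decoded the value, so encoded markup is
    # checked in its decoded form.
    value = values[0]
    return value if SAFE_TOPIC.fullmatch(value) else None


def encode_for_html(value):
    """Encode a value for HTML text or a quoted attribute (used on every output)."""
    return html.escape(value, quote=True)


def render_help_frame(url, default="index.htm"):
    """Build the frame markup; rejected input falls back to the default topic."""
    topic = safe_help_href(url) or default
    return '<iframe src="{}"></iframe>'.format(encode_for_html(topic))


if __name__ == "__main__":
    # Constructed sample requests; the second is the URL quoted in this advisory.
    samples = [
        "http://www.example.com:8089/help/index.fts?href=intro.htm",
        "http://www.example.com:8089/help/index.fts?href=<script>alert('C.S.S')</script>",
    ]
    for sample in samples:
        print(render_help_frame(sample))
```

Validation against an allow-list pattern rejects the markup outright, and the encoding step keeps any value that does reach the page from being interpreted as HTML.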
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8528/info

FloosieTek FTGatePro Mail Server is prone to a cross-site scripting vulnerability. A remote attacker could exploit this issue by enticing a legitimate user of the mail server to follow a malicious link with embedded HTML and script code. The attacker-supplied code would potentially be rendered in the user's browser when the link is followed.

This issue exists in the web administrative interface, which listens on port 8089 by default. 

http://www.example.com:8089/help/index.fts?href=<script>alert('C.S.S')</script>