header-logo
Suggest Exploit
vendor:
SmarterMail
by:
SecurityFocus
7.5
CVSS
HIGH
HTML-injection
79
CWE
Product Name: SmarterMail
Affected Version From: SmarterMail Enterprise 4.3
Affected Version To: Other versions may also be affected.
Patch Exists: Yes
Related CWE: N/A
CPE: a:smartertools:smartermail
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

SmarterMail HTML-injection Vulnerability

SmarterMail is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

Mitigation:

Input validation should be used to ensure that user-supplied data does not contain malicious HTML or script code.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/27878/info

SmarterMail is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

SmarterMail Enterprise 4.3 is vulnerable; other versions may also be affected. 

<XSS STYLE="xss:expression(alert(&#039;1&#039;))"><XSS 
STYLE="xss:expression(alert(&#039;2&#039;))">

Navigation

Suggest Exploit

Services By CQR