header-logo
Suggest Exploit
vendor:
Outblaze Webmail
by:
Unknown
7.5
CVSS
HIGH
HTML Injection
79
CWE
Product Name: Outblaze Webmail
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:outblaze:webmail
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Outblaze Webmail HTML Injection Vulnerability

The Outblaze Webmail application is prone to an HTML injection vulnerability. This vulnerability occurs when the application fails to properly sanitize user-supplied HTML email content. An attacker can exploit this vulnerability by injecting HTML and script code into the application through HTML emails.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques to prevent HTML injection attacks. Additionally, users should be cautious when opening HTML emails from unknown or untrusted sources.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10756/info

Outblaze Webmail is reported prone to an-HTML injection vulnerability because the application fails to properly sanitize user-supplied HTML email content.

An attacker may be able to inject HTML and script code into the application through HTML email because it isn't properly sanitized.

An attacker can exploit this issue to access an unsuspecting user's cookie-based authentication credentials and to retrieve personal email. Other attacks are also possible.

<IMG SRC="javasc&#X0A;ript:alert (document.cookie)";" border="0" height="1" width="1">

Navigation

Suggest Exploit

Services By CQR