header-logo
Suggest Exploit
vendor:
Virtual Keyboard plugin for SquirrelMail
by:
Unknown
7.5
CVSS
HIGH
Cross-Site Scripting (XSS)
79
CWE
Product Name: Virtual Keyboard plugin for SquirrelMail
Affected Version From: 2000.9.1
Affected Version To: 2000.9.1
Patch Exists: YES
Related CWE: Unknown
CPE: a:squirrelmail_project:virtual_keyboard:0.9.1
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Cross-Site Scripting in Virtual Keyboard plugin for SquirrelMail

The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a version of the Virtual Keyboard plugin for SquirrelMail that has addressed this issue. Additionally, users should be cautious when visiting untrusted websites and ensure that they are using the latest security updates for their web browsers.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/43749/info

The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Virtual Keyboard 0.9.1 and prior are vulnerable.

http://www.example.com/plugins/vkeyboard/vkeyboard.php?passformname=%22%3E%3Cscript%3Ealert%28%27XSS%27%29;%3C/script%3E%3Cscript%3E/*%20

Navigation

Suggest Exploit

Services By CQR