Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Cross-Site Scripting Vulnerabilities in InMail and InShop - exploit.company
header-logo
Suggest Exploit
vendor:
InMail and InShop
by:
Unknown
5.5
CVSS
MEDIUM
Cross-Site Scripting (XSS)
79
CWE
Product Name: InMail and InShop
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: No
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Cross-Site Scripting Vulnerabilities in InMail and InShop

InMail and InShop are susceptible to cross-site scripting vulnerabilities. These vulnerabilities occur due to a failure to properly sanitize user-supplied input before including it in dynamic web pages. An attacker can exploit these vulnerabilities by creating a malicious URI link that contains hostile HTML and script code. If a victim user follows this link, the hostile code may be rendered in their web browser, potentially allowing for theft of cookie-based authentication credentials or other attacks.

Mitigation:

To mitigate these vulnerabilities, it is recommended to implement proper input validation and sanitization techniques to prevent the inclusion of malicious code in dynamic web pages. Additionally, the use of content security policies and output encoding can help protect against XSS attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11758/info

InMail and InShop are both reported susceptible to cross-site scripting vulnerabilities. These issues are due to a failure of the applications to properly sanitize user-supplied input prior to including it in dynamic Web pages.

These issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials or other attacks.

http://www.example.com/mod_perl/inmail.pl?acao=<<h1>opss!</h1>
http://www.example.com/mod_perl/inshop.pl?screen=<script>alert(document.cookie);</script>

Navigation

Suggest Exploit

Services By CQR