Vendor: EmuMail
By: SecurityFocus
CVSS: 7,5 (HIGH)
Input Validation Vulnerability
CWE: 20
Product Name: EmuMail
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unix, Linux, and Microsoft Windows
2002

EmuMail Input Validation Vulnerability

EmuMail is an open source web mail application available for the Unix, Linux, and Microsoft Windows operating systems. It has been reported that EmuMail does not properly sanitize input. Under some conditions, it is possible to pass an email containing script or HTML code through the EmuMail web mail interface. This would result in execution of the script code in the security context of the EmuMail site. Entering the string '<script>alert(document.cookie)</script>' into the email address field on the main form will cause the script to be executed when the email is viewed.

Mitigation:

Input validation should be performed to ensure that malicious code is not passed through the web mail interface.
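
One way to apply this mitigation, shown as an added example that is not EmuMail's code and not part of the original advisory: validate the address field on input and HTML-encode it wherever it is displayed. The function names, the allow-list pattern and the markup are assumptions made for illustration.

```python
import html
import re

# Conservative allow-list for the address field (an assumption for this
# example, not EmuMail's own rule): local@domain, no brackets, quotes or spaces.
ADDRESS_RE = re.compile(
    r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,63}"
)


def is_valid_address(value: str) -> bool:
    """Validate on input: accept only strings that fully match the allow-list."""
    return ADDRESS_RE.fullmatch(value) is not None


def render_from_unsafe(value: str) -> str:
    """The flawed pattern: the field value is interpolated into HTML as-is."""
    return f'<td class="from">{value}</td>'


def render_from_safe(value: str) -> str:
    """Encode on output: <, >, & and quotes become entities, so the browser
    displays the value as text instead of parsing it as markup."""
    return f'<td class="from">{html.escape(value, quote=True)}</td>'


def handle_address_field(value: str) -> str:
    """Apply both layers: reject at input, and still encode what is displayed,
    because stored mail and headers set by other senders never pass the form."""
    if not is_valid_address(value):
        shown = html.escape(value, quote=True)
        return f'<p class="error">Invalid email address: {shown}</p>'
    return render_from_safe(value)


if __name__ == "__main__":
    reported = "<script>alert(document.cookie)</script>"  # string from the report
    for sample in (reported, "alice@example.org"):  # second value is constructed
        print(is_valid_address(sample), handle_address_field(sample))
```

Output encoding is the layer that matters when the value reaches the page by a path other than the form, so it is applied even to values that passed validation.
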
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5824/info

EmuMail is an open source web mail application. It is available for the Unix, Linux, and Microsoft Windows operating systems.

It has been reported that EmuMail does not properly sanitize input. Under some conditions, it is possible to pass an email containing script or HTML code through the EmuMail web mail interface. This would result in execution of the script code in the security context of the EmuMail site.

Entering the string below into the email address field on the main form:

<script>alert(document.cookie)</script>