header-logo
Suggest Exploit
vendor:
MailPost
by:
Unknown
5.5
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: MailPost
Affected Version From: 5.1.1sv
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:mailpost:mailpost:5.1.1sv
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

MailPost Cross-Site Scripting Vulnerability

The MailPost application is prone to a cross-site scripting vulnerability. This allows an attacker to execute arbitrary HTML and script code in a user's browser by injecting malicious code through insufficiently sanitized user-supplied data. The vulnerability can be exploited to steal cookie-based authentication credentials or launch other attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user-supplied data before using it in dynamically generated web pages or scripts. Implementing proper input validation and output encoding techniques can help prevent cross-site scripting attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11596/info

MailPost is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data and can allow an attacker to execute arbitrary HTML and script code in a user's browser.

This vulnerability may allow for theft of cookie-based authentication credentials or other attacks.

MailPost 5.1.1sv is reported prone to this issue. It is possible that other versions are affected as well.

http://www.example.com/scripts/mailpost.exe?*debug*=''&append=<script>alert('Can%20Cross%20Site%20Script')</script>