MailPost Cross-Site Scripting Vulnerability - exploit.company
Vendor: MailPost
By: Unknown
CVSS: 5.5 (MEDIUM)
CWE: 79 (Cross-Site Scripting)
Product Name: MailPost
Affected Version From: 5.1.1sv
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:mailpost:mailpost:5.1.1sv
Metasploit:
Other Scripts:
Platforms Tested: Unknown

MailPost Cross-Site Scripting Vulnerability

The MailPost application is prone to a cross-site scripting vulnerability. This allows an attacker to execute arbitrary HTML and script code in a user's browser by injecting malicious code through insufficiently sanitized user-supplied data. The vulnerability can be exploited to steal cookie-based authentication credentials or launch other attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user-supplied data before using it in dynamically generated web pages or scripts. Implementing proper input validation and output encoding techniques can help prevent cross-site scripting attacks.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/11596/info

MailPost is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data and can allow an attacker to execute arbitrary HTML and script code in a user's browser.

This vulnerability may allow for theft of cookie-based authentication credentials or other attacks.

MailPost 5.1.1sv is reported prone to this issue. It is possible that other versions are affected as well.

http://www.example.com/scripts/mailpost.exe?*debug*=''&append=<script>alert('Can%20Cross%20Site%20Script')</script>
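
The mitigation described above, applied to the request shown in this advisory, as an added example that is not part of the original advisory or of MailPost itself: it decodes each query parameter of a request to `mailpost.exe`, flags values that contain HTML metacharacters, and produces the entity-encoded form that is safe to place in HTML text. The function name, the benign comparison URL and the set of flagged characters are assumptions.

```python
import html
import re
from urllib.parse import urlsplit, parse_qsl

# Characters that let a reflected value leave text context and become markup.
# Assumption: the advisory does not say which characters MailPost fails to filter.
MARKUP = re.compile(r"[<>\"']")

# Request URL taken from the advisory text.
PAGE_URL = ("http://www.example.com/scripts/mailpost.exe?*debug*=''&append="
            "<script>alert('Can%20Cross%20Site%20Script')</script>")
# Constructed benign request for comparison.
BENIGN_URL = "http://www.example.com/scripts/mailpost.exe?append=hello%20world"


def inspect_request(url, script_path="/scripts/mailpost.exe"):
    """Return (name, decoded_value, encoded_value) for every query parameter
    of a request to script_path whose decoded value contains markup."""
    parts = urlsplit(url)
    # Compare in lower case; treating the host as case-insensitive is an assumption.
    if parts.path.lower() != script_path:
        return []
    findings = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if MARKUP.search(value):
            # html.escape with quote=True encodes & < > " ' as entities.
            findings.append((name, value, html.escape(value, quote=True)))
    return findings


if __name__ == "__main__":
    for url in (PAGE_URL, BENIGN_URL):
        hits = inspect_request(url)
        print("FLAG " if hits else "ok   ", url)
        for name, raw, safe in hits:
            print(f"   {name}: {raw!r} -> {safe}")
```

The flagging step suits log triage; the encoding step is what the application itself must do at the point where the value is written into a page.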