Vendor: Mailtraq
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 79 (Cross-Site Scripting)
Product Name: Mailtraq
Affected Version From: 2.11
Affected Version To: 2.11
Patch Exists: YES
Related CWE: CVE-2003-0753
CPE: o:mailtraq:mailtraq:2.11
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2003

Mailtraq Cross-Site Scripting Vulnerability

Mailtraq is vulnerable to cross-site scripting attacks. The vulnerability exists because the Mailtraq server does not sufficiently sanitize HTTP requests. An attacker can exploit it by manipulating the 'cfolder' URI parameter of the browse.asp script and sending the resulting link to a victim user. If the link is visited, the attacker-supplied code may be rendered in the browser of the user who visits it.

Mitigation:

Mailtraq has released a patch to address this issue.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7813/info

Mailtraq is vulnerable to cross-site scripting attacks. The vulnerability exists due to insufficient sanitization of HTTP requests to the vulnerable Mailtraq server.

An attacker can exploit this vulnerability by manipulating the 'cfolder' URI parameter to the browse.asp script and sending a link to a victim user. If this link is visited, the attacker-supplied code may be rendered in the browser of the user who visits the malicious link.

http://www.example.org/browse.asp?<script>alert(document.cookie)</script>
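
For triage on an unpatched server, the following added example (not part of the advisory or of Mailtraq) scans web access logs for browse.asp requests whose query string decodes to HTML markup. It checks the whole query string rather than only 'cfolder', since the sample URL above carries the script without a parameter name. The common-log-style request line and the sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Request line of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markup that has no place in a folder name: opening/closing tags, script URLs.
MARKUP_RE = re.compile(r'<\s*/?\s*[a-z!]|javascript:', re.I)


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_browse_requests(log_lines):
    """Return (line_number, decoded_query) for browse.asp requests with markup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path, _, query = match.group(1).partition("?")
        if not path.lower().endswith("/browse.asp"):
            continue
        decoded = decode_fully(query)
        if MARKUP_RE.search(decoded):
            hits.append((number, decoded))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jun/2003:10:00:01 +0000] "GET /browse.asp?cfolder=Inbox HTTP/1.0" 200 5120',
    '192.0.2.11 - - [10/Jun/2003:10:00:07 +0000] "GET /browse.asp?%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.0" 200 734',
    '192.0.2.12 - - [10/Jun/2003:10:00:09 +0000] "GET /browse.asp?cfolder=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 734',
    '192.0.2.13 - - [10/Jun/2003:10:00:12 +0000] "GET /index.asp?q=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, query in suspicious_browse_requests(SAMPLE_LOG):
        print(f"line {number}: {query}")
```

A hit shows only that markup was sent to browse.asp; whether it was reflected depends on whether the server was patched at the time.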