Vendor: 1st Class Mail Server
By: Unknown
CVSS: 5.5 (MEDIUM)
Directory Traversal and Cross-Site Scripting (XSS)
CWE: 22
Product Name: 1st Class Mail Server
Affected Version From: 04.01
Affected Version To: Unknown
Patch Exists: NO
Related CWE: CVE-2004-1064
CPE: a:first_class:1st_class_mail_server:4.01
Other Scripts:
Platforms Tested: Unknown
Unknown

Multiple vulnerabilities in 1st Class Mail Server

The 1st Class Mail Server version 4.01 is vulnerable to directory traversal and cross-site scripting attacks. An attacker can exploit these vulnerabilities by manipulating the parameters passed to 'viewmail.tagz' in the URL, allowing them to access arbitrary files on the server and inject malicious HTML code.

Mitigation:

To mitigate these vulnerabilities, it is recommended to update the 1st Class Mail Server to a patched version or implement appropriate input validation to prevent directory traversal and XSS attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10089/info

Multiple vulnerabilities have been identified in the application that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks.

1st Class Mail Server version 4.01 is reported to be prone to these issues; however, it is possible that other versions are affected as well.

http://www.example.com/AUTH=[some_value]/user/viewmail.tagz?Site=www.example.com&Mailbox=3&MessageIndex=[html_code]>
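
Since no patch is listed, requests to viewmail.tagz can be screened in web or proxy logs. The following Python check is an added example, not part of the original advisory or the vendor's code: it flags request targets whose parameters contain traversal sequences or markup characters. It assumes Mailbox and MessageIndex are plain integers in legitimate use; the function names and sample request targets are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: legitimate Mailbox / MessageIndex values are plain integers
# (the advisory's sample URL uses Mailbox=3).
NUMERIC_PARAMS = {"Mailbox", "MessageIndex"}
TRAVERSAL = re.compile(r"\.\.[/\\]")   # "../" or "..\"
MARKUP = re.compile(r"[<>\"']")        # characters needed to break into HTML
DIGITS = re.compile(r"[0-9]+")

def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is still seen."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value

def check_request(target):
    """Return a sorted list of findings for one request target or URL."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/viewmail.tagz"):
        return []
    findings = set()
    if TRAVERSAL.search(decode(parts.path)):
        findings.add("traversal:path")
    # The advisory does not say which parameter is affected by the
    # traversal issue, so every parameter is inspected.
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        value = decode(raw)
        if TRAVERSAL.search(value):
            findings.add(f"traversal:{name}")
        if MARKUP.search(value):
            findings.add(f"markup:{name}")
        if name in NUMERIC_PARAMS and not DIGITS.fullmatch(value):
            findings.add(f"non-numeric:{name}")
    return sorted(findings)

# Constructed request targets, shaped like the URL in the advisory.
BASE = "/AUTH=abc123/user/viewmail.tagz?Site=www.example.com"
SAMPLE_TARGETS = [
    BASE + "&Mailbox=3&MessageIndex=7",
    BASE + "&Mailbox=3&MessageIndex=%3Cb%3Ex%3C/b%3E",
    BASE + "&Mailbox=..%252f..%252fx&MessageIndex=1",
]

if __name__ == "__main__":
    for t in SAMPLE_TARGETS:
        print(check_request(t) or "clean", t)
```
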