A Cross-Site Scripting (XSS) vulnerability was discovered in Postie 1.4.3. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'From' field of an email. An attacker can exploit this vulnerability by sending a malicious email with a specially crafted payload to a victim. The payload will be executed in the victim's browser when the victim views the email.
A Cross-Site Scripting (XSS) vulnerability was discovered in OTRS Open Technology Real Services version 3.1.4. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'Body' parameter. A remote attacker can send a specially crafted request containing malicious HTML and script code to the vulnerable application and execute arbitrary code in the browser of the victim in the context of the vulnerable site. Successful exploitation of this vulnerability may allow an attacker to steal cookie-based authentication credentials and launch other attacks.
Mini Mail Dashboard Widget version 1.42 is vulnerable to Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'Body' field. An attacker can exploit this vulnerability by injecting malicious JavaScript code in the 'Body' field. The malicious code will be executed in the browser of the victim when the 'View in HTML' option is clicked. This vulnerability affects all versions of Mini Mail Dashboard Widget prior to version 1.43.
Alt-N MDaemon Free version 12.5.4 is vulnerable to Cross-Site Scripting (XSS). An attacker can exploit this vulnerability by sending a maliciously crafted email containing a malicious payload to a victim. The payload is then executed in the victim's browser, allowing the attacker to gain access to the victim's system.
ManageEngine Service Desk Plus (Windows standard) is vulnerable to Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of user-supplied input to the 'Body' parameter. An attacker can exploit this vulnerability by injecting malicious JavaScript code into the 'Body' parameter. This code will be executed in the browser of the victim when the vulnerable page is accessed.
This exploits an insecure config found in Scrutinizer NetFlow & sFlow Analyzer. By default, the software installs a default password in MySQL and binds the service to '0.0.0.0'. This allows any remote user to log in to MySQL and then gain arbitrary remote code execution under the context of 'SYSTEM'. Examples of default credentials include 'scrutinizer:admin' and 'scrutremote:admin'.
This module allows remote command execution on the PHP IRC bot pbot by abusing the usage of eval() in the implementation of the .php command. In order to work, the connection details for the IRC server and the channel where pbot can be found must be provided. The module has been successfully tested on the version of pbot analyzed by Jay Turla and published on Infosec Institute, running on Ubuntu 10.04 and Windows XP SP3.
MailTraq 2.17.3.3150 is vulnerable to Cross-Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the Subject, Body, and Date fields of an email, which will be executed when the email is viewed. This can be used to steal cookies, hijack user sessions, and redirect users to malicious websites.
MailEnable Enterprise 6.5 is vulnerable to Cross-Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the 'From', 'Body', 'To' and 'Subject' fields of an email message. This code will be executed when the message is viewed by the recipient. The malicious code can be used to steal cookies, hijack sessions, and redirect users to malicious websites.
Cross-Site Scripting (XSS) vulnerability in ESCON SupportPortal Pro 3.0 allows remote attackers to inject arbitrary web script or HTML via the body parameter.