header-logo
Suggest Exploit
vendor:
Web Mail Module
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-site Scripting (XSS)
79
CWE
Product Name: Web Mail Module
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

PHP-Nuke Web Mail Module Vulnerability

Due to insufficient sanitization of HTML emails, it is possible for an attacker to embed script code into malicious messages. Opening an email containing attacker-supplied script code would result in the execution of arbitrary script code within the client's browser.

Mitigation:

Sanitize HTML emails before displaying them to the user.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6400/info

A vulnerability has been discovered in the PHP-Nuke web mail module. Due to insufficient sanitization of HTML emails it is possible for an attacker to embed script code into malicious messages. Opening an email containing attacker-supplied script code would result in the execution of arbitrary script code within the client's browser.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/22090.zip

Navigation

Suggest Exploit

Services By CQR