Vendor: VPOP3 Email Server
By: SecurityFocus
CVSS: 7.5 (HIGH)
CWE: 79 (Cross-Site Scripting)
Product Name: VPOP3 Email Server
Affected Version From: 2.0.0e
Affected Version To: 2.0.0f
Patch Exists: YES
Related CWE: N/A
CPE: PSCS VPOP3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
PSCS VPOP3 Email Server Cross-Site Scripting Vulnerability
It has been reported that PSCS VPOP3 Email Server may be prone to a cross-site scripting vulnerability that may allow a remote attacker to embed malicious HTML and script code in a link. The issue is reported to be present in the WebAdmin utility of the software and results from improper sanitization of user-supplied data that the utility displays. Successful exploitation may allow an attacker to steal cookie-based authentication information, which could be used to launch further attacks.
Mitigation:
Input validation should be used to ensure that user-supplied data is properly sanitized before being displayed by the WebAdmin utility.