header-logo
Suggest Exploit
vendor:
Uebimiau
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-Site Scripting and Information Disclosure
79, 200
CWE
Product Name: Uebimiau
Affected Version From: 2.7.2002
Affected Version To: 2.7.10
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Uebimiau Multiple Input-Validation Vulnerabilities

Uebimiau is prone to multiple input-validation vulnerabilities, including cross-site scripting issues and an information-disclosure issue, because the application fails to properly sanitize user-supplied input. Attackers can exploit these issues to steal cookie-based authentication credentials, to control how the site is rendered to the user, or to gain access to information that could aid in further attacks.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/24210/info

Uebimiau is prone to multiple input-validation vulnerabilities, including cross-site scripting issues and an information-disclosure issue, because the application fails to properly sanitize user-supplied input.

Attackers can exploit these issues to steal cookie-based authentication credentials, to control how the site is rendered to the user, or to gain access to information that could aid in further attacks.

Uebimiau 2.7.2 and 2.7.10 are vulnerable; other versions may also be affected. 

http://www.example.org/demo/pop3/error.php?selected_theme=%3Cscript%3Ealert(document.cookie)%3C/script%3E

Navigation

Suggest Exploit

Services By CQR