| VID |
21370 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The IlohaMail, according to its version number, has an User Parameter Cross-Site Scripting vulnerability. IlohaMail is a webmail package written in PHP. IlohaMail version 0.8.10-stable and earlier are vulnerable to a cross-site scripting attack, caused by improper filtering of the "user" parameter. This could allow a remote attacker to send a specially crafted request that would execute malicious HTML and script code in the victim's Web browser.
* Note: This check solely relied on the version number of the remote IlohaMail software to assess this vulnerability, so this might be a false positive.
* References:
http://www.osvdb.org/displayvuln.php?osvdb_id=2879
http://sourceforge.net/mailarchive/forum.php?thread_id=3589704&forum_id=27701
http://secunia.com/advisories/10320
* Platforms Affected:
IlohaMail version 0.8.10 and earlier
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of IlohaMail (0.8.11 or later), available from the IlohaMail Download site at http://sourceforge.net/projects/ilohamail/ |
| Related URL |
(CVE) |
| Related URL |
9131 (SecurityFocus) |
| Related URL |
13872 (ISS) |
|
