tempinbox.com suffers from cross site scripting flaws.
5f3845e67002852cc67989d303df310ff80f5a403ebbac80f56f899942130e8a
Tempinbox.com
Homepage:
http://www.tempinbox.com
Effected files:
checkmail.pl
Description:
Tempinbox.com is a free throw away, no sending email service. You enter an account name and you can instantly check email.
XSS Vulnerability:
It seems the title of emails and subjects are not sanatized, so if a user was to put <IMG SRC=javascript:alert('XSS')> as a title or subject of aemail, and then someone went to view it, an XSS attack could occur.