RM EasyMail Plus - Cross-Site Scripting Vulnerability #2
This cross-site scripting vulnerability can be exploited if a client views an email with a specially crafted title.
Vulnerable E-Mail Title: </title><script>alert(1)</script>
Vulnerable: RM EasyMail Plus
Google d0rk: intitle:"Powered by RM EasyMail Plus"
John Martinelli
john (at) martinelli (dot) com [email concealed]
RedLevel Security
RedLevel.org
May 19th, 2007