OpenWebMail Multiple XSS vuln.

2007.08.07
Credit: r0t
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

###############################################
Vuln. discovered by : r0t
Date: 2 August 2007
Vendor: openwebmail.org
Affected versions: 2.52 20060831 and previous
###############################################

OpenWebMail contains multiple flaws that allow remote Cross-Site Scripting attacks.

1. file "openwebmail-main.pl"
Input passed to the "searchtype", "longpage" and "page" parameters isn't properly sanitised before being returned to the user.

2. file "openwebmail-prefs.pl"
Input passed to the "prefs_caller", "userfirsttime", "page", "sort", "folder", "message_id" parameters isn't properly sanitised before being returned to the user.

3. file "openwebmail-send.pl"
Input passed to the "compose_caller", "msgdatetype", "keyword", "searchtype", "folder", "page", "sort" parameters isn't properly sanitised before being returned to the user.

4. file "openwebmail-folder.pl"
Input passed to the "folder", "page", "sort" parameters isn't properly sanitised before being returned to the user.

5. file "openwebmail-webdisk.pl"
Input passed to the "searchtype", "page", "filesort", "singlepage", "showhidden", "showthumbnail", "message_id" parameters isn't properly sanitised before being returned to the user.

6. file "openwebmail-advsearch.pl"
Input passed to the "folder" parameter isn't properly sanitised before being returned to the user.

7. file "openwebmail-abook.pl"
Input passed to the "abookcollapse", "abooksearchtype", "abooksort", "abooklongpage", "abookpage", "message_id", "searchtype", "msgdatetype", "sort", "page", "rootxowmuid", "listviewmode" parameters isn't properly sanitised before being returned to the user.

This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Note: For manual testing use:
%22%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
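One way to apply the "Solution" above, shown as an added Perl example that is not OpenWebMail's own code or an official patch: validate parameters whose format is known, and HTML-escape every value when it is written back into the page. The allowlist patterns, the "subject" default and the helper names escape_html and clean_param are assumptions made for illustration; the sample request is constructed from the advisory's test string.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed value formats for a few of the parameters named in the advisory.
# Illustrative only: OpenWebMail's real accepted values may differ.
my %ALLOWED = (
    page       => qr/\A\d{1,6}\z/,
    longpage   => qr/\A[01]\z/,
    searchtype => qr/\A[a-z]{1,16}\z/,
    sort       => qr/\A[a-z_]{1,24}\z/,
);

# Encode the characters that are significant in HTML text and in
# quoted attribute values.
sub escape_html {
    my ($s) = @_;
    $s = '' unless defined $s;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Return the value only if it matches the pattern for that parameter,
# otherwise the default. \A and \z anchor the whole string, so a
# trailing newline cannot slip past the check as it can with ^ and $.
sub clean_param {
    my ($name, $value, $default) = @_;
    my $re = $ALLOWED{$name};
    return $default unless defined $value && defined $re;
    return $value =~ $re ? $value : $default;
}

# Constructed request: the advisory's test string (URL-decoded) plus a valid page.
my $probe = q{"<script>alert('r0t')</script>};
my %query = (searchtype => $probe, page => '3', folder => $probe);

# Known-format parameters are validated first ('subject' is an assumed default).
my $searchtype = clean_param('searchtype', $query{searchtype}, 'subject');
my $page       = clean_param('page',       $query{page},       '1');

# Every value is escaped at output, validated or not; "folder" is free text.
my @fields = ([searchtype => $searchtype], [page => $page], [folder => $query{folder}]);
for my $f (@fields) {
    printf qq{<input type="hidden" name="%s" value="%s">\n},
        escape_html($f->[0]), escape_html($f->[1]);
}
```

Escaping at the point of output is what closes the reflected-input path for free-text parameters such as "folder"; the allowlist is a second layer for values with a fixed format.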



Copyright 2020, cxsecurity.com

 
