HomePentest-Tools.com Logo

Hastymail2 < 2.1.1 RC2 XSS Vulnerability CVE-2011-4541

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Hastymail2 is prone to a cross-site scripting (XSS) vulnerability.

Risk description

The flaw is due to improper validation of user-supplied input via the rs parameter to index.php (when page is set to mailbox and mailbox is set to Drafts), which allows attackers to execute arbitrary HTML and script code in a users browser session in the context of an affected site. Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a users browser session in the context of an affected site.

Recommendation

Update to version 2.1.1 RC2 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Nov 29, 2011
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available