9 lines
No EOL
767 B
Text
9 lines
No EOL
767 B
Text
source: https://www.securityfocus.com/bid/8869/info
|
|
|
|
It has been reported that PSCS VPOP3 Email Server may be prone to a cross-site scripting vulnerability that may allow a remote attacker to embed malicious HTML and script code in a link. The issue is reported to be present in the WebAdmin utility of the software because of improper sanitization of user-supplied data that will be displayed by the utility.
|
|
|
|
Successful exploitation of this attack may allow an attacker to steal cookie-based authentication information that could be used to launch further attacks.
|
|
|
|
PSCS VPOP3 versions 2.0.0e and 2.0.0f have been reported to be prone to this vulnerability, however other versions may be affected as well.
|
|
|
|
index.html?redirect=admin/index.html";%0Devil_script;%0D// |