source: https://www.securityfocus.com/bid/8528/info
FloosieTek FTGatePro Mail Server is prone to a cross-site scripting vulnerability. A remote attacker could exploit this issue by enticing a legitimate user of the mail server to follow a malicious link with embedded HTML and script code. The attacker-supplied code would potentially be rendered in the user's browser when the link is followed.
This issue exists in the web administrative interface, which listens on port 8089 by default.
http://www.example.com:8089/help/index.fts?href=<script>alert('C.S.S')</script>
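
A detection check for the request pattern described above, as an added example that is not part of the original advisory: it scans access log lines for requests to /help/index.fts whose href value decodes to HTML markup, including double-encoded values. The common-log-format layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path and parameter come from the advisory's example URL.
HELP_PATH, PARAM = "/help/index.fts", "href"
# Heuristic: characters that let a reflected value break into HTML markup.
MARKUP = re.compile(r"""[<>"']""")
# Assumption: the server logs request lines in common log format.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:00:00:00 +0000] "GET /help/index.fts?href=intro.htm HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2000:00:00:01 +0000] "GET /help/index.fts?href=%3Cscript%3Ealert(%27C.S.S%27)%3C/script%3E HTTP/1.1" 200 640',
    '192.0.2.12 - - [01/Jan/2000:00:00:02 +0000] "GET /help/index.fts?href=%253Cb%253E HTTP/1.1" 200 530',
    '192.0.2.13 - - [01/Jan/2000:00:00:03 +0000] "GET /index.fts?href=%3Cb%3E HTTP/1.1" 404 0',
]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_href(request_target):
    """Return the decoded href value if it carries markup, else None."""
    parts = urlsplit(request_target)
    if parts.path.lower() != HELP_PATH:
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        value = decode_fully(raw)
        if MARKUP.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_href) for every suspicious request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        value = suspicious_href(match.group(1)) if match else None
        if value is not None:
            hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: href carries markup: {value!r}")
```

Hits are candidates for review rather than confirmed exploitation, since a legitimate href value could also contain a quote character.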