7 lines
No EOL
574 B
Text
7 lines
No EOL
574 B
Text
source: http://www.securityfocus.com/bid/7813/info
|
|
|
|
Mailtraq is vulnerable to cross-site scripting attacks. The vulnerability exists due to insufficient sanitization of HTTP requests to the vulnerable Mailtraq server.
|
|
|
|
An attacker can exploit this vulnerability by manipulating the 'cfolder' URI parameter to the browse.asp script and sending a link to a victim user. If this link is visited, the attacker-supplied code may be rendered in the browser of the user who visit the malicious link.
|
|
|
|
http://www.example.org/browse.asp?<script>alert(document.cookie)</script> |