Hastymail2 'rs' Parameter Cross Site Scripting Vulnerability Network Vulnerability

Summary

The host is running Hastymail2 and is prone to cross-site scripting vulnerability.

Impact

Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to Hastymail2 version 2.1.1 RC2 or later, For updates refer to http://www.hastymail.org/downloads/

Insight

The flaw is due to improper validation of user-supplied input via the 'rs' parameter to index.php (when 'page' is set to 'mailbox' and 'mailbox' is set to 'Drafts'), which allows attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Affected

Hastymail2 version 2.1.1

References

http://www.securityfocus.com/bid/50789
https://www.dognaedis.com/vulns/DGS-SEC-2.html
https://www.dognaedis.com/vulns/pdf/DGS-SEC-2.pdf

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-4541

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
Adobe JRun Management Console Multiple Vulnerabilities
Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
AbanteCart Multiple Cross-Site Scripting Vulnerabilities
Afian 'includer.php' Directory Traversal Vulnerability

Take action and discover your vulnerabilities