Summary
The remote web server contains a PHP script that is vulnerable to cross-site scripting (XSS).
Description
The target is running at least one instance of IlohaMail version 0.8.12 or earlier. Such versions do not properly sanitize message headers, leaving users vulnerable to XSS attacks. For example, a remote attacker could inject JavaScript code that steals the user's session cookie and thereby gain access to that user's account.
Solution
Upgrade to IlohaMail version 0.8.13 or later.
Severity
Classification
- CVSS Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)