Matt Wright FormMail HTTP Response Splitting And Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

FormMail is prone to an HTTP-response-splitting vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and influence how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust. These issues affect FormMail 1.92 prior versions may also be affected.

References

http://www.securityfocus.com/bid/34929

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1776

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
Apache Web Server ETag Header Information Disclosure Weakness
Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
Apache Tomcat Information Disclosure Vulnerability
Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities

Matt Wright FormMail HTTP Response Splitting and Cross Site Scripting Vulnerabilities

Take action and discover your vulnerabilities