Summary
This host is running phlyLabs phlyMail Lite, which is prone to multiple vulnerabilities.
Impact
Successful exploitation allows an attacker to execute arbitrary HTML and script code in a user's browser session in the context of an affected site, and to disclose the full web application installation path.
Impact Level: Application
Solution
Upgrade to phlyLabs phlyMail Lite version 4.3.57 or later.
For updates refer to http://phlymail.com/en/index.html
Insight
- Input passed via the 'go' parameter of the 'derefer.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website.
- phlyMail suffers from multiple stored XSS vulnerabilities (post-auth) and a path disclosure issue, because input passed via several parameters to several scripts is not properly sanitized before being returned to the user.
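One way a dereferrer script can validate a redirect parameter such as 'go' before issuing the redirect, shown as an added example rather than phlyMail's own code or its vendor fix. The function name `safe_redirect_target`, the `ALLOWED_HOSTS` list and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration, not phlyMail code. ALLOWED_HOSTS and
// safe_redirect_target() are hypothetical names.
const ALLOWED_HOSTS = ['phlymail.com', 'www.phlymail.com'];

// Returns the target if it is safe to redirect to, otherwise null.
function safe_redirect_target(string $go): ?string
{
    // Control characters enable header injection; browsers may treat
    // a backslash as a slash, turning "/\host" into an off-site URL.
    if ($go === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $go)) {
        return null;
    }
    $parts = parse_url($go);
    if ($parts === false) {
        return null;
    }
    // Same-site path: exactly one leading slash. "//host/..." is
    // scheme-relative and must not be treated as a local path.
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        return ($go[0] === '/' && strncmp($go, '//', 2) !== 0) ? $go : null;
    }
    // Absolute URL: http(s) only, no userinfo, host on the allow-list.
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    return in_array($host, ALLOWED_HOSTS, true) ? $go : null;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs for a quick offline check.
    $samples = ['/inbox?page=2', 'https://phlymail.com/en/index.html',
                '//other.example/', 'https://phlymail.com@other.example/',
                'javascript:void(0)'];
    foreach ($samples as $s) {
        printf("%-40s %s\n", $s, safe_redirect_target($s) === null ? 'rejected' : 'allowed');
    }
} else {
    $go = $_GET['go'] ?? '';
    $target = is_string($go) ? safe_redirect_target($go) : null;
    if ($target === null) {
        http_response_code(400);
        exit('Invalid redirect target');
    }
    header('Location: ' . $target, true, 302);
}
```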
Affected
phlyLabs phlyMail Lite version 4.03.04