| 제목 | Icewarp Webclient 10.1.3/10.2.0 Https Post Request Cross Site Scripting |
|---|
| 설명 | CVE-2010-5337
> [Suggested description]
> IceWarp Webclient before 10.2.1 has XSS via
> an HTTP POST request:
> webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.
> ------------------------------------------
> [Additional Information]
> The vulnerability was discovered in 2010, but no CVE-ID was requested at that time.
> ------------------------------------------
> [Vulnerability Type]
> Cross Site Scripting (XSS)
> ------------------------------------------
> [Vendor of Product]
> IceWarp
> ------------------------------------------
> [Affected Product Code Base]
> IceWarp Webclient - 10.1.3 (partially)
> IceWarp Webclient - 10.2.0
> ------------------------------------------
> [Affected Component]
> http[s]://host/admin/login.html (username), http[s]://host/webmail/basic/ (_dlg[captcha][controller]), http[s]://host/webmail/basic/ (_dlg[captcha][action]), http[s]://host/webmail/basic/ (_dlg[captcha][uid]), http[s]://host/webmail/ (password)
> ------------------------------------------
> [Attack Type]
> Remote
> ------------------------------------------
> [Impact Code execution]
> true
> ------------------------------------------
> [Reference]
> https://www.gosecurity.ch/component/content/article/12-services/gosecuritynews/fachartikel/169-gosecurity-advisory-2010120602
> https://vuldb.com/?id.142993
> ------------------------------------------
> [Has vendor confirmed or acknowledged the vulnerability?]
> true
> ------------------------------------------
> [Discoverer]
> Ron Ott/Michael Schneider/Thomas Wittmann |
|---|
| 사용자 | misc (UID 3) |
|---|
| 제출 | 2019. 10. 11. PM 12:53 (7 연령 ago) |
|---|
| 모더레이션 | 2019. 10. 11. PM 01:45 (51 minutes later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 143375 [Icewarp Webclient 10.1.3/10.2.0 POST Request webmail/basic/ _dlg[captcha][controller] 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 17 |
|---|