Submeter #98: Icewarp Webclient 10.1.3/10.2.0 Https Post Request Cross Site Scriptinginformação

Título	Icewarp Webclient 10.1.3/10.2.0 Https Post Request Cross Site Scripting
Descrição	CVE-2010-5339 > [Suggested description] > IceWarp Webclient before 10.2.1 has XSS via > an HTTP POST request: > webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0. > ------------------------------------------ > [Additional Information] > The vulnerability was discovered in 2010, but no CVE-ID was requested at that time. > ------------------------------------------ > [Vulnerability Type] > Cross Site Scripting (XSS) > ------------------------------------------ > [Vendor of Product] > IceWarp > ------------------------------------------ > [Affected Product Code Base] > IceWarp Webclient - 10.1.3 (partially) > IceWarp Webclient - 10.2.0 > ------------------------------------------ > [Affected Component] > http[s]://host/admin/login.html (username), http[s]://host/webmail/basic/ (_dlg[captcha][controller]), http[s]://host/webmail/basic/ (_dlg[captcha][action]), http[s]://host/webmail/basic/ (_dlg[captcha][uid]), http[s]://host/webmail/ (password) > ------------------------------------------ > [Attack Type] > Remote > ------------------------------------------ > [Impact Code execution] > true > ------------------------------------------ > [Reference] > https://www.gosecurity.ch/component/content/article/12-services/gosecuritynews/fachartikel/169-gosecurity-advisory-2010120602 > https://vuldb.com/?id.142993 > ------------------------------------------ > [Has vendor confirmed or acknowledged the vulnerability?] > true > ------------------------------------------ > [Discoverer] > Ron Ott/Michael Schneider/Thomas Wittmann
Utilizador	misc (UID 3)
Submissão	11/10/2019 12h56 (há 7 anos)
Moderação	11/10/2019 14h05 (1 hour later)
Estado	Aceite
Entrada VulDB	143377 [Icewarp Webclient 10.1.3/10.2.0 webmail/basic/ _dlg[captcha][uid] Script de Site Cruzado]
Pontos	17

◂ Voltar Visão Geral Próximo ▸

Do you need the next level of professionalism?

Upgrade your account now!