| Title | HSC Cybersecurity mailinspector 5.3.2-3 Cross Site Scripting |
|---|
| Description | A reflected Cross-Site Scripting (XSS) vulnerability was identified in the MAIL INSPECTOR system, version 5.3.2-3. The issue affects the error_description parameter, which is processed via an HTTP GET request and reflected into the page source without proper input sanitization or validation.
As a result, an unauthenticated attacker can inject arbitrary JavaScript code that will be executed within the context of the victim’s browser when a crafted URL is accessed. The vulnerability can be exploited without prior authentication, significantly increasing the attack surface and potential impact, which may include session hijacking, malicious redirection, or execution of unauthorized actions on behalf of the affected user. |
|---|
| Source | ⚠️ https://docs.google.com/document/d/1KI2SIDcVm5U3Yzo5tNT5YOwREQWe_5BJaWe-ctRmLoI/edit?usp=sharing |
|---|
| User | gabriel (UID 72007) |
|---|
| Submission | 01/29/2026 03:03 (2 months ago) |
|---|
| Moderation | 03/05/2026 19:06 (1 month later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 349219 [HSC Cybersecurity Mailinspector up to 5.3.2-3 URL mliUserValidation.php error_description cross site scripting] |
|---|
| Points | 20 |
|---|