PSCS VPOP3 2.0 Email Server WebAdmin - Cross-Site Scripting

EDB-ID:

23271

CVE:

2003-1522

EDB Verified:

Author:

SecuriTeam

Type:

remote

Exploit:   /  

Platform:

Multiple

Date:

2003-10-22

Vulnerable App: 
source: https://www.securityfocus.com/bid/8869/info

It has been reported that PSCS VPOP3 Email Server may be prone to a cross-site scripting vulnerability that may allow a remote attacker to embed malicious HTML and script code in a link. The issue is reported to be present in the WebAdmin utility of the software because of improper sanitization of user-supplied data that will be displayed by the utility.

Successful exploitation of this attack may allow an attacker to steal cookie-based authentication information that could be used to launch further attacks.

PSCS VPOP3 versions 2.0.0e and 2.0.0f have been reported to be prone to this vulnerability, however other versions may be affected as well. 

index.html?redirect=admin/index.html";%0Devil_script;%0D//
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services