Computer Security

Security Advisory: RedLevel Advisory #018 - RM EasyMail Plus - Cross-Site Scripting Vulnerability #2
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [SECURITY] [DSA 1297-1] New gforge-plugin-scmcvs packages fix arbitrary shell command execution

  WIYS v1.0 Cross-Site Scripting Vulnerability - (05.24.2007)  (NEW)

  [waraxe-2007-SA#051] - Sql Injection in 2z Project 0.9.5

  ABC Excel Parser Pro v4.0 Remote File Include Exploit

From:john_(at)_martinelli.com <john_(at)_martinelli.com>
Date:25.05.2007
Subject:RedLevel Advisory #018 - RM EasyMail Plus - Cross-Site Scripting Vulnerability #2

RM EasyMail Plus - Cross-Site Scripting Vulnerability #2

This cross-site scripting vulnerability can be exploited if a client views an email with a specially crafted title.

Vulnerable E-Mail Title: </title><script>alert(1)</script>
Vulnerable: RM EasyMail Plus
Google d0rk: intitle:"Powered by RM EasyMail Plus"

John Martinelli
john@martinelli.com

RedLevel Security
RedLevel.org

May 19th, 2007
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru