RM EasyMail Plus Cross-Site Scripting Vulnerability

Vulnerability ID: 1190409
Vulnerability type: Cross-site scripting
Published: 2007-05-30
Updated: 2007-05-30
CVE ID: CVE-2007-2915
CNNVD-ID: CNNVD-200705-543
Platform: N/A
CVSS score: 4.3
|Vulnerability sources
https://www.securityfocus.com/bid/81761
https://cxsecurity.com/issue/WLB-2007060008
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200705-543
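|Vulnerability details
A cross-site scripting vulnerability exists in RM EasyMail Plus. A remote attacker can inject arbitrary web script or HTML via the title field of an email.
|Vulnerability exploit (EXP)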
RM EasyMail Plus - Cross-Site Scripting Vulnerability #2

This cross-site scripting vulnerability can be exploited if a client views an email with a specially crafted title.

Vulnerable E-Mail Title: </title><script>alert(1)</script>
Vulnerable: RM EasyMail Plus
Google d0rk: intitle:"Powered by RM EasyMail Plus"

John Martinelli
john (at) martinelli (dot) com

RedLevel Security
RedLevel.org

May 19th, 2007
|Affected products
Rm Easymail Rm Easymail Plus 0
|References

Source: BUGTRAQ
Name: 20070520 RedLevel Advisory #018 - RM EasyMail Plus - Cross-Site Scripting Vulnerability #2
Link: http://www.securityfocus.com/archive/1/archive/1/469216/100/0/threaded
Source: XF
Name: rmeasymail-title-xss(34449)
Link: http://xforce.iss.net/xforce/xfdb/34449
Source: SREASON
Name: 2746
Link: http://securityreason.com/securityalert/2746