Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SqWebMail Email头字段HTML注入漏洞
Vulnerability Description
SqWebMail是一款基于WEB的邮件系统。 SqWebMail不正确过滤用户提供的EMAIL头字符串,远程攻击者可以利用这个漏洞进行跨站脚本攻击,获得敏感信息。 攻击者发送的一个EMAIL消息如果在头字段包含类似如下的HTML代码: "<script>alert(document.location)</script>": ashanti@dns:~$ telnet localhost 25 Trying x.x.x.x... Connected to x.x.x.x. Escape character
CVSS Information
N/A
Vulnerability Type
N/A