Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq 2.17.3.3150 allow remote attackers to inject arbitrary web script or HTML via an e-mail message subject with (1) a JavaScript alert function used in conjunction with the fromCharCode method or (2) a SCRIPT element; an e-mail message body with (3) a crafted SRC attribute of an IFRAME element, (4) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (5) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an IMG element; or an e-mail message Date header with (6) a JavaScript alert function used in conjunction with the fromCharCode method, (7) a SCRIPT element, (8) a CSS expression property in the STYLE attribute of an arbitrary element, (9) a crafted SRC attribute of an IFRAME element, or (10) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mailtraq 多个跨站脚本漏洞
Vulnerability Description
Mailtraq是一款支持SMTP、POP3、Proxy、Mail List、News、WebMAIL的服务器软件。 Mailtraq中存在多个跨站脚本漏洞,这些漏洞源于对用户提供的输入未经验证。攻击者可利用这些漏洞在受影响站点上下文中运行恶意的HTML或JavaScript代码,窃取基于cookie的认证证书并控制站点传达给用户的方式,也可能存在其他攻击。Mailtraq 2.17.3.3150版本中存在漏洞,其他版本也可能受到影响。
CVSS Information
N/A
Vulnerability Type
N/A