Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
CyberSolutions CyberMail Cross-Site Scripting

CyberSolutions CyberMail Cross-Site Scripting

Current Description

In CyberMail Ver.6.x and Ver.7.x has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of governments, organizations, companies and universities.

Details

The injection point is ACTION parameter.

We execute arbitrary code via ACTION paramemer without authentication.

Description

We can execute arbitrary code without authentication.

Contributor

  • Tony Kuo (CHT Security)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment