PT-2019-19709 · Mailtraq · Mailtraq Webmail

Published: 2019-03-12 · Updated: 2019-03-13 · CVE-2019-9558

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Mailtraq WebMail version 2.17.7.3550

Description: The issue allows for Persistent Cross-Site Scripting (XSS) via the body of an e-mail message. To exploit this, the victim must open an email with malicious JavaScript inserted into the body of the email as an iframe.

Recommendations: For Mailtraq WebMail version 2.17.7.3550, consider disabling the ability to insert iframes into email bodies until a patch is available. Restrict access to emails with potentially malicious content to minimize the risk of exploitation.

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers

CVE-2019-9558

Affected products

Mailtraq Webmail