CVE-2011-5149

Name of the Vulnerable Software and Affected Versions SpamTitan versions 5.08 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via several parameters to different PHP files, including testaddr or testpass to "auth-settings.php", hostname, domainname, or mailserver to "setup-relay.php", or subnetmask or defaultroute to "setup-network.php".

Recommendations For SpamTitan versions 5.08 and earlier, consider restricting access to the vulnerable parameters testaddr, testpass, hostname, domainname, mailserver, subnetmask, and defaultroute in their respective PHP files until a patch is available. As a temporary workaround, avoid using these parameters in the affected API endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.