PT-2019-19709 · Mailtraq · Mailtraq Webmail

Published

2019-03-12

Updated

2019-03-13

CVE-2019-9558

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Mailtraq WebMail version 2.17.7.3550

Description The issue allows for Persistent Cross Site Scripting (XSS) via the body of an e-mail message. To exploit this, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe.

Recommendations For Mailtraq WebMail version 2.17.7.3550, consider disabling the ability to insert iframes into email bodies until a patch is available. Restrict access to emails with potentially malicious content to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-9558

Affected Products

Mailtraq Webmail

PT-2019-19709 · Mailtraq · Mailtraq Webmail

CVE-2019-9558

Weakness Enumeration

Related Identifiers

Affected Products

References · 3