This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.
The remote host contains a CGI script that is vulnerable to a cross-
site scripting attack.
According to its banner, the version of Mailreader installed on the
remote host is affected by a remote HTML injection vulnerability due
to its failure to properly sanitize messages using a 'text/enriched'
or 'text/richtext' MIME type. An attacker can exploit this flaw by
sending a specially crafted message to a user who reads his mail with
Mailreader. Then, when the user reads that message, malicious HTML or
script code embedded in the message will be run by the user's browser
in the context of the remote host, enabling the attacker to steal
authentication cookies as well as perform other attacks.
Upgrade to Mailreader 2.3.36 or later.
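As an added illustration (not Mailreader's code or the vendor's fix), the Python sketch below shows one way a webmail renderer can turn a 'text/enriched' body into HTML without letting message content reach the browser as markup: literal text is HTML-escaped and only an allow-list of RFC 1896 formatting commands is mapped to fixed tags. The function name, the allow-list and the sample message are assumptions made for this example.

```python
import html
import re

# Assumption for this example: only these RFC 1896 commands are rendered,
# each as a fixed, attribute-free HTML tag. Everything else is dropped.
ALLOWED = {"bold": "b", "italic": "i", "underline": "u", "fixed": "tt"}
# "<<" is the text/enriched escape for a literal "<"; commands are <name> or </name>.
TOKEN = re.compile(r"<<|<(/?)([A-Za-z0-9-]{1,60})>")

def enriched_to_html(body: str) -> str:
    out, open_tags = [], []
    pos = 0
    in_param = 0  # depth inside <param>...</param>, whose content is never shown
    for m in TOKEN.finditer(body):
        if not in_param:
            out.append(html.escape(body[pos:m.start()]))  # literal text, escaped
        pos = m.end()
        if m.group(0) == "<<":
            if not in_param:
                out.append("&lt;")
            continue
        closing, name = m.group(1) == "/", m.group(2).lower()
        if name == "param":
            in_param = max(0, in_param + (-1 if closing else 1))
            continue
        if in_param:
            continue
        tag = ALLOWED.get(name)
        if tag is None:
            continue  # unknown command: drop the command, keep its text escaped
        if not closing:
            open_tags.append(tag)
            out.append(f"<{tag}>")
        elif open_tags and open_tags[-1] == tag:
            open_tags.pop()
            out.append(f"</{tag}>")
    if not in_param:
        out.append(html.escape(body[pos:]))
    # Close anything the sender left open so the page layout cannot be broken.
    out.extend(f"</{t}>" for t in reversed(open_tags))
    return "".join(out)

# Constructed sample message body (not taken from a real exploit or advisory).
SAMPLE = "<bold>Status</bold>: 1 << 2 <script>x</script> <img src=y>"

if __name__ == "__main__":
    print(enriched_to_html(SAMPLE))
```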
Risk factor: Medium / CVSS Base Score: 4.3
CVSS Temporal Score: 3.7
Public Exploit Available: true
Family: CGI abuses : XSS
Nessus Plugin ID: 17661 (mailreader_html_injection.nasl)
Bugtraq ID: 12945
CVE ID: CVE-2005-0386