This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.
The remote web server contains a PHP application that is subject to
cross-site scripting attacks.
Based on its version number, the installation of IlohaMail on the
remote host does not properly sanitize attachment file names, MIME
media types, and HTML / text email messages. An attacker can exploit
these vulnerabilities by sending a specially crafted message to a user
which, when read using an affected version of IlohaMail, will allow
the attacker to execute arbitrary HTML and script code in the user's browser
within the context of the affected website.
See also :
Upgrade to IlohaMail version 0.8.14-rc3 or newer.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 4.3
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 18050 (ilohamail_email_xss.nasl)
Bugtraq ID: 13175
CVE ID: CVE-2005-1120
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.