MailReader < 2.3.36 network.cgi MIME Message XSS
Medium Nessus Network Monitor Plugin ID 2780
Synopsis: The remote host is vulnerable to an HTML injection attack.
Description: The remote host is running Mailreader, a web-based application used to read email. This version of Mailreader is vulnerable to a remote HTML injection flaw. To exploit this flaw, an attacker would need to convince a Mailreader user to open a malicious email. Successful exploitation would result in code running in the user's browser that appears to originate from the Mailreader server.
Solution: Upgrade to version 2.3.36 or higher.