IlohaMail < 0.8.14-RC3 read_message.php Multiple Field HTML Injection

Medium

Synopsis

The remote host is vulnerable to an HTML injection attack.

Description

The target is running at least one instance of IlohaMail version 0.8.14 or earlier. The remote version of this software is vulnerable to an HTML injection attack. To exploit this flaw, an attacker would need to convince a local user to open a malicious HTML email. Successful exploitation would result in the victim executing potentially damaging code and possibly in the theft of confidential, authentication-related data.

Solution

Upgrade to version 0.8.14-RC3 or higher.