CoreMail XT3.0 Cross Site Scripting

Posted on 01 December 2015

Application: CoreMail Versions Affected: XT3.0 Vendor URL: http://www.coremail.cn/ Bugs: Stored XSS Author:shack.li(DBAPPSecurity Ltd) Description: Coremail mail system was born in 1999, is widely used in network operators, large enterprises, government institutions, colleges and universities and other mail systems, so far, the user has more than 700000000,the official website. Vulnerability details： Create a document, insert a hyperlink, hyperlink for executing the JavaScript test code "javascript:alert ()". Then create a mail and upload attachments, and then send them to the other users who need them. When other users online preview documents, click the hyperlink, Attack code will be executed. --------------------------------------------- E-mail：shack.li@dbappsecurity.com.cn DBAppSecurity Ltd www.dbappsecurity.com.cn

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Relate Cross Site Scripting
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Authentication Bypass
Elber Signum DVB-S/S2 IRD For Radio Networks 1.999 Insecure Direct Object Reference
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Authentication Bypass
Elber Cleber/3 Broadcast Multi-Purpose Platform 1.0.0 Insecure Direct Object Reference

Last 20