CVE-2001-0857
IMP Webmail < 2.2.6 - Cross-Site Scripting via Status Message Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2001-0857. PoCs published by Joao Pedro Goncalves.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Horde IMP's status.php3. The crafted URL injects JavaScript to steal cookie-based authentication credentials by sending them to an attacker-controlled server.
Description
Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Horde IMP's status.php3. The crafted URL injects JavaScript to steal cookie-based authentication credentials by sending them to an attacker-controlled server.