CVE-2004-2334

EMU Webmail 5.2.7 - Cross-Site Scripting via Hex-Encoded Variable or Folder Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2334. PoCs published by dr_insane.

AI-analyzed exploit summary This exploit demonstrates cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 via the 'emumail.fcgi' script. The PoC includes crafted URLs that inject JavaScript payloads to trigger XSS attacks.

Description

Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail.fcgi, (2) the folder parameter in emumail.fcgi, or Javascript in the (3) username or (4) password field in the login page.

Exploits (1)

exploitdb WORKING POC VERIFIED

by dr_insane · textwebappscgi

https://www.exploit-db.com/exploits/23810

View Code ZIP pw:eip

This exploit demonstrates cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 via the 'emumail.fcgi' script. The PoC includes crafted URLs that inject JavaScript payloads to trigger XSS attacks.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: EMU Webmail 5.2.7

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK