Description
Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail.fcgi, (2) the folder parameter in emumail.fcgi, or Javascript in the (3) username or (4) password field in the login page.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by dr_insane · textwebappscgi
https://www.exploit-db.com/exploits/23810
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15452
Exploit, Vendor Advisory x_refsource_misc
http://members.lycos.co.uk/r34ct/main/emu/emu.txt
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/11110
Exploit, Vendor Advisory x_refsource_misc
http://www.zone-h.com/advisories/read/id=4141
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9861
Exploit vdb-entry
x_refsource_osvdb
http://www.osvdb.org/4204
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15451
Exploit vdb-entry
x_refsource_osvdb
http://www.osvdb.org/4972
Exploit vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1009397
Scores
EPSS
0.0095
EPSS Percentile
76.5%
Details
Status
published
Products (1)
emumail/emu_webmail
5.2.7
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026