CVE-2004-2625

Outblaze Email - Stored Cross-Site Scripting via IMG Tag Attribute

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2625. PoCs published by DarkBicho.

AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in Outblaze Webmail, where user-supplied HTML email content is not properly sanitized. The provided payload is a simple XSS vector that executes JavaScript to display the user's cookies.

Description

Cross-site scripting (XSS) vulnerability in Outblaze Email allows remote attackers to inject arbitrary web script or HTML via Javascript in an attribute of an IMG tag.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DarkBicho · textwebappsphp

https://www.exploit-db.com/exploits/24291

View Code ZIP pw:eip

This exploit demonstrates an HTML injection vulnerability in Outblaze Webmail, where user-supplied HTML email content is not properly sanitized. The provided payload is a simple XSS vector that executes JavaScript to display the user's cookies.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Outblaze Webmail

No auth needed

Prerequisites: Victim must view the malicious HTML email

MITRE ATT&CK