CVE-2006-0469

uebimiau 2.7.9 - Cross-Site Scripting via IMG Tag SRC Attribute

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0469. PoCs published by Shai rod.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Uebimiau Webmail 2.7.2 by sending crafted emails with malicious payloads in the subject and body. The payloads trigger when the victim views the messages or contacts.

Description

Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG tag.

Exploits (1)

exploitdb WORKING POC

by Shai rod · pythonwebappsphp

https://www.exploit-db.com/exploits/20675

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in Uebimiau Webmail 2.7.2 by sending crafted emails with malicious payloads in the subject and body. The payloads trigger when the victim views the messages or contacts.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Uebimiau Webmail 2.7.2

Auth required

Prerequisites: SMTP server access · Valid credentials for sending emails · Victim interaction (opening emails)

MITRE ATT&CK