CVE-2010-3201
NetWin SurgeMail < 4.3g - Cross-Site Scripting via Username Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2010-3201. PoCs published by Kerem Kocaer.
AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in SurgeMail 4.3e by injecting malicious script code via the 'username_ex' parameter. The PoC triggers an alert box displaying the user's cookies, proving arbitrary JavaScript execution.
Description
Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.
Exploits (1)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in SurgeMail 4.3e by injecting malicious script code via the 'username_ex' parameter. The PoC triggers an alert box displaying the user's cookies, proving arbitrary JavaScript execution.