Description
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than CVE-2011-5149. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Vulnerability-Lab · textwebappsphp
https://www.exploit-db.com/exploits/18261
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/77989
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47309
Scores
EPSS
0.0150
EPSS Percentile
81.2%
Details
CWE
CWE-79
Status
published
Products (1)
spamtitan/spamtitan
< 5.07
Published
Aug 31, 2012
Tracked Since
Feb 18, 2026