CVE-2012-2591

EmailArchitect Email Server <10.0.0.3 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2591. PoCs published by loneferret.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in EmailArchitect Enterprise Email Server 10.0 by injecting malicious JavaScript payloads into the 'From' and 'Date' fields of an email. The script sends an email with an XSS payload via SMTP, which executes when the victim views the email.

Description

Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) From or (2) Date field in an email.

Exploits (1)

exploitdb WORKING POC VERIFIED

by loneferret · pythonwebappswindows

https://www.exploit-db.com/exploits/20349

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in EmailArchitect Enterprise Email Server 10.0 by injecting malicious JavaScript payloads into the 'From' and 'Date' fields of an email. The script sends an email with an XSS payload via SMTP, which executes when the victim views the email.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: EmailArchitect Enterprise Email Server 10.0

Auth required

Prerequisites: SMTP server access · Valid credentials for authentication · Victim interaction to view the email

MITRE ATT&CK