CVE-2013-6229
Atmail Webmail Server 7.0.2 - Cross-Site Scripting via Filter or MailId Parameter
Title source: llmExploitation Summary
EIP tracks 3 public exploits for CVE-2013-6229. PoCs published by Vicente Aguilera Diaz.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Atmail 7.0.2, where user-supplied input is not properly sanitized, allowing arbitrary script execution in the context of the affected site.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585.
Exploits (3)
The provided text describes a cross-site scripting (XSS) vulnerability in Atmail 7.0.2, where user-supplied input is not properly sanitized, allowing arbitrary script execution in the context of the affected site.
The provided text describes a cross-site scripting (XSS) vulnerability in Atmail 7.0.2, where user-supplied input is not properly sanitized. The example URL demonstrates how an attacker could inject malicious script code via the 'filter' parameter.
The provided text describes a cross-site scripting (XSS) vulnerability in Atmail 7.0.2, where user-supplied input is not properly sanitized, allowing arbitrary script execution in the context of the affected site. The example URL demonstrates the vulnerability by injecting malicious input into the 'mailId' parameter.