Posted by Jing Wang on Aug 30
*Winmail Server 4.2 Reflected XSS (Cross-site Scripting) Web Application
0-Day Security Bug*
Exploit Title: Winmail Server badlogin.php &lid parameter Reflected XSS Web
Security Vulnerability
Product: Winmail Server
Vendor: Winmail Server
Vulnerable Versions: 4.2 4.1
Tested Version: 4.2 4.1
Advisory Publication: August 24, 2015
Latest Update: August 30, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference:
Impact CVSS…