Winmail Server 4.2 Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug

August 31, 2015 007admin Leave a comment

Posted by Jing Wang on Aug 30

*Winmail Server 4.2 Reflected XSS (Cross-site Scripting) Web Application
0-Day Security Bug*

Exploit Title: Winmail Server badlogin.php &lid parameter Reflected XSS Web
Security Vulnerability
Product: Winmail Server
Vendor: Winmail Server
Vulnerable Versions: 4.2 4.1
Tested Version: 4.2 4.1
Advisory Publication: August 24, 2015
Latest Update: August 30, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference:
Impact CVSS…

007 Software

Winmail Server 4.2 Reflected XSS (Cross-site Scripting) Web Application 0-Day Security Bug

Leave a Reply Cancel reply

Software and Security Information