Mirapoint Web Mail - 'Expression()' HTML Injection

Related Vulnerabilities: CVE-2006-5712  
Publish Date: 31 Oct 2006
                							

                source: http://www.securityfocus.com/bid/20840/info

Mirapoint Web Mail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker can exploit this issue to execute arbitrary JavaScript in the victim's browser.

<IMG style="width: expression(alert('expression'));">