Ipswitch IMail 7.04 and previous versions stores a user's session ID in a URL, which could allow remote malicious users to hijack sessions by obtaining the URL, e.g. via an HTML email that causes the Referrer to be sent to a URL under the attacker's control.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ipswitch imail 6.0.6 |
||
ipswitch imail 7.0.4 |
||
ipswitch imail 6.0.2 |