Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the $_SERVER['PHP_SELF'] variable.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hivemail hivemail 1.2.1_beta1 |
||
hivemail hivemail 1.2.1_rc |
||
hivemail hivemail 1.2.2 |
||
hivemail hivemail 1.2_sp1 |
||
hivemail hivemail 1.1.1 |
||
hivemail hivemail 1.2 |
||
hivemail hivemail 1.3_rc1 |
||
hivemail hivemail 1.1 |
||
hivemail hivemail 1.3 |
||
hivemail hivemail 1.3_beta1 |