Cross-site scripting (XSS) vulnerability in register.php in FreshScripts Fresh Email Script 1.0 up to and including 1.11 allows remote malicious users to inject arbitrary web script or HTML via the Email parameter. NOTE: this can be leveraged to modify cookies and conduct session fixation attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
freshscripts fresh email script 1.0 |
||
freshscripts fresh email script 1.11 |