Published: 26/03/2010 Updated: 17/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) HistoryStorageObjectName and (2) HistoryKey parameters.

Vulnerable Product	Search on Vulmon	Subscribe to Product
afterlogic webmail pro
afterlogic webmail pro 4.5

source: wwwsecurityfocuscom/bid/36605/info AfterLogic WebMail Pro is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-b ...

Security Advisory : Cross-Site Scripting flaw in AfterLogic WebMail Pro Description ------------- AfterLogic WebMail Pro is vulnerable to Cross-Site Scripting, allowing injection of malicious code in the context of the application Overview ----------- Quote from wwwafterlogiccom/products/webmail-pro : "Webmail front-end for your existin ...

CWE-79 http://www.securityfocus.com/bid/36605 http://www.gardienvirtuel.com/fichiers/documents/publications/GVI_2009-01_EN.txt http://osvdb.org/58712 http://secunia.com/advisories/36964 https://exchange.xforce.ibmcloud.com/vulnerabilities/53672 https://nvd.nist.gov https://www.exploit-db.com/exploits/33268/

CVE-2009-4743

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect