CVE-2012-2573

Published: 12/08/2012 Updated: 13/08/2012
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 440
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote malicious users to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) an ONLOAD attribute of a BODY element, (5) a crafted SRC attribute of an IFRAME element, (6) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (7) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.
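
Added example (not part of this entry or of T-dah WebMail's code): a defender-side audit of an HTML message body that reports each of the seven constructs listed in the summary, using Python's standard `html.parser`. The class and function names, the finding labels and the sample body are constructed for illustration; item (2) is assumed to mean an expression property inside a STYLE element.

```python
import re
from html.parser import HTMLParser

CSS_EXPR = re.compile(r"expression\s*\(", re.I)
REFRESH_URL = re.compile(r"url\s*=\s*['\"]?\s*([^\s'\"]+)", re.I)

class MailBodyAuditor(HTMLParser):
    """Records one finding per construct from the summary (labels are hypothetical)."""
    def __init__(self):
        # Tag and attribute names arrive lowercased; attribute values are entity-decoded.
        super().__init__(convert_charrefs=True)
        self.findings, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self.findings.append("script-element")                    # (1)
        if tag == "style":
            self._in_style = True
        if CSS_EXPR.search(a.get("style", "")):
            self.findings.append("css-expression-in-style-attr")      # (3)
        if tag == "body" and "onload" in a:
            self.findings.append("body-onload")                       # (4)
        if tag == "iframe" and "src" in a:
            self.findings.append("iframe-src")                        # (5)
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = REFRESH_URL.search(a.get("content", ""))
            target = m.group(1).lower() if m else ""
            self.findings.append("meta-refresh-data-url" if target.startswith("data:")
                                 else "meta-refresh")                 # (7) / (6)

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style and CSS_EXPR.search(data):
            self.findings.append("css-expression-in-style-element")   # (2)

def audit(html_body):
    parser = MailBodyAuditor()
    parser.feed(html_body)
    parser.close()
    return parser.findings

# Constructed, inert sample body covering all seven items.
SAMPLE = ('<script>/* inert */</script>'
          '<style>p { width: expression(1) }</style>'
          '<div style="width: EXPRESSION (1)">x</div>'
          '<body onload="void 0"><iframe src="about:blank"></iframe>'
          '<meta http-equiv="refresh" content="5; url=http://example.invalid/">'
          '<meta HTTP-EQUIV="Refresh" content="0;URL=data:text/plain,constructed">')

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A check like this suits triage or regression tests for a mail renderer; it reports constructs and does not sanitize the body.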

Vulnerable Product

tdah t-dah webmail 3.2.0-2.3

Exploits

    #!/usr/bin/python
    '''
    # Exploit Title: T-dah Webmail Multiple Stored XSS issues
    # Date: 17/08/2012
    # Exploit Author: Shai rod (@NightRang3r)
    # Vendor Homepage: tdahus/
    # Software Link: sourceforgenet/projects/t-dahmail/files/latest/download?utm_expid=6384-3&utm_referrer=http%3A%2F%2Fsourceforgenet%2Fprojects%2Ft-dahmail%2F
    # ...

    #!/usr/bin/python
    '''
    Author: loneferret of Offensive Security
    Product: T-dah Webmail Client
    Version: 320-23
    Vendor Site: t-dahmailsourceforgenet/indexphp
    Software Download: sourceforgenet/projects/t-dahmail/
    Contact: t-dahmailsourceforgenet/forum/
    Timeline:
    29 May 2012: Vulnerability reported to CERT
    30 May 2012: R ...