A DOM based XSS in GFI Kerio Control v9.3.0 allows embedding of malicious code and manipulating the login page to send back a victim's cleartext credentials to an attacker via a login/?reason=failure&NTLM= URI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gfi kerio control 9.3.0 |