- Home
- CVEs with nessus.description==Martijn Brinkers discovered cross-site scripting vulnerabilities in the mailto parameter of webmail.php, the session and delete_draft parameters of compose.php and through a shortcoming in the magicHTML filter. An attacker could abuse these to execute malicious JavaScript in the user's webmail session.
Also, a workaround was made for Internet Explorer <= 5: IE will attempt to guess the MIME type of attachments based on content, not the MIME header sent. Attachments could fake to be a 'harmless' JPEG, while they were in fact HTML that Internet Explorer would render.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top