Axigen Mail Server ‘Body’ Field HTML Injection Vulnerability

Summary

Axigen Mail Server is prone to an HTML-injection vulnerability because it fails to sanitize user-supplied input.

Credit:

The original article can be found at: http://www.securityfocus.com/bid/54899


Details

Vulnerable Systems:
 *Axigen Mail Server ‘Body’ Field HTML Injection Vulnerability

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible.Axigen Mail Server 8.0.1 is vulnerable; other versions may also be affected. .

Vendor Status:
Vendor as issued an updated vulnerability.

CVE Information:
CVE-2012-2592

Disclosure Timeline:
Initial Release: Published: Aug 08 2012

Categories: News