AfterLogic Mailsuite Pro ‘Body’ Field HTML Injection Vulnerability


AfterLogic Mailsuite Pro is prone to an HTML-injection vulnerability because it fails to sanitize user-supplied input.


The original article can be found at: G ran Weinholt .


Vulnerable Systems:
 *Debian ‘libotr2’ Package Multiple Heap Based Buffer Overflow Vulnerabilities

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible.Mailsuite Pro 6.3 is vulnerable; other versions may also be affected.

Vendor Status:
Vendor as issued an updated vulnerability.

CVE Information:

Disclosure Timeline:
Initial Release: Published: Aug 08 2012

Categories: News