AfterLogic Mailsuite Pro ‘Body’ Field HTML Injection Vulnerability

Summary

AfterLogic Mailsuite Pro is prone to an HTML-injection vulnerability because it fails to sanitize user-supplied input.

Credit:

The original article can be found at: http://www.securityfocus.com/bid/54906 G ran Weinholt .


Details

Vulnerable Systems:
 *Debian ‘libotr2’ Package Multiple Heap Based Buffer Overflow Vulnerabilities

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible.Mailsuite Pro 6.3 is vulnerable; other versions may also be affected.

Vendor Status:
Vendor as issued an updated vulnerability.

CVE Information:
CVE-2012-2587

Disclosure Timeline:
Initial Release: Published: Aug 08 2012

Categories: News