AeroMail is prone to multiple remote vulnerabilities, including:

1. A cross-site scripting vulnerability.
2. Multiple HTML-injection vulnerabilities.
3. Multiple cross-site request forgery vulnerabilities.

The attacker can exploit the cross-site scripting issue to execute arbitrary script code in the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication credentials. The attacker may also be able to perform certain administrative functions and delete arbitrary files. Other attacks are also possible.
A third-party patch is available. Please see the references for details.
Updated on 2015-03-25
- Apache Open For Business HTML injection vulnerability
- 3Com NBX VoIP NetSet Detection
- Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
- Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability