Dreammail 5 mail client XSS Vulnerability
Title: Dreammail 5 mail client XSS Vulnerability
Software : Dreammail
Software Version : v5.16
Vulnerability Published : 2016-03-21
Impact : Medium (CVSS2 Base : 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Bug Description :
DreamMail is an email client application, which allows its users to send, receive, and
Dreammail (ver 5.16) may be compromised by cross-site scripting attacks. Once attackers
lose personal credentials, or the browsers of the victims may be hijacked.
# The email becomes malicious when it contains the code below.
<img src=x onerror=alert(/xss/) />
Using such encode functions as htmlencode() or filtering those certain symbols regarding
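
Added example (not part of the original advisory, and not DreamMail's code): a Python sketch of the two mitigations the advisory names, encoding the HTML body or filtering it before display. The tag and attribute allowlist, the URL prefixes, the function names and the sample message are assumptions made for this illustration.

```python
import html
from email.message import EmailMessage
from html.parser import HTMLParser

# Assumed policy for this example: a small tag/attribute allowlist.
ALLOWED_ATTRS = {"p": set(), "b": set(), "i": set(), "br": set(),
                 "a": {"href"}, "img": {"src", "alt"}}
VOID_TAGS = {"br", "img"}
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:", "cid:")

def encode_body(body: str) -> str:
    """Strictest option: display the markup as inert text."""
    return html.escape(body, quote=True)

class _Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_ATTRS:
            return  # unknown tag dropped; its text is still escaped below
        kept = ""
        for name, value in attrs:
            value = (value or "").strip()
            if name not in ALLOWED_ATTRS[tag]:
                continue  # removes onerror, onload, style, ...
            if name in ("href", "src") and not value.lower().startswith(SAFE_URL_PREFIXES):
                continue  # removes javascript:, data: and relative URLs
            kept += f' {name}="{html.escape(value, quote=True)}"'
        self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED_ATTRS and tag not in VOID_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data))

def sanitize_body(body: str) -> str:
    """Filtering option: keep allowlisted markup, drop everything else."""
    parser = _Sanitizer()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)

def html_part(msg: EmailMessage) -> str:
    return msg.get_body(preferencelist=("html",)).get_content()

# Constructed sample message carrying the markup quoted in the advisory.
SAMPLE = EmailMessage()
SAMPLE.set_content("<p>Hello</p><img src=x onerror=alert(/xss/) />", subtype="html")
```

Encoding is the safer default when the client does not need to render rich mail; the allowlist filter is for clients that must keep basic formatting.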