Security bug - Reflected XSS #53
Comments
Dear Fadavvi, Thank you for your report. Best Regards,
Hi, I confirm your bug. I'll deploy a bug fix in a few minutes. Thank you again for your contribution @Fadavvi! Best Regards,
Bug fix of an XSS issue on MailCleaner login (administration) interface. See issue #53. The "message" parameter was only used for the logoutAction(). However, the parameter was not checked and not escaped.
The fix was published on the master branch. See 5f90a52
Hi,
I tried to register on your forum to report this bug, but my registration request wasn't responded to.
So:
Bug Title: Reflected XSS
Product(s): MailCleaner CE 2018.08 & MailCleaner CE 2018.09
Tested on: CentOS 7/Firefox & Win10/Firefox
PoC URI: https://[IP]/admin/login/user/message/%3Csvg%20onload=alert(%22@darknetguy%22)%3E
BR,
Milad Fadavvi
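
The fix commit in this thread says the "message" parameter was neither checked nor escaped. The Python sketch below is an added illustration, not MailCleaner's code and not the content of commit 5f90a52: it decodes the path value from the reported URI and compares unescaped output with escaped and allowlisted output. The function names, the HTML wrapper and the allowlist keys are assumptions made for the example.

```python
import html
from urllib.parse import unquote

# Path portion of the PoC URI from the report (host omitted).
POC_PATH = "/admin/login/user/message/%3Csvg%20onload=alert(%22@darknetguy%22)%3E"

# Hypothetical allowlist of message keys the login page may display.
KNOWN_MESSAGES = {
    "loggedout": "You have been logged out.",
    "expired": "Your session has expired, please log in again.",
}


def extract_message(path):
    """Return the URL-decoded segment that follows 'message' in the path, or None."""
    segments = path.split("/")
    for i, segment in enumerate(segments[:-1]):
        if segment == "message":
            return unquote(segments[i + 1])
    return None


def render_unescaped(message):
    """'Before' behaviour: the value is placed into the page as-is."""
    return '<div class="message">' + message + "</div>"


def render_escaped(message):
    """Escaping only: markup characters become entities, so the value is inert text."""
    return '<div class="message">' + html.escape(message, quote=True) + "</div>"


def render_checked(message):
    """Check and escape: only known keys produce output; anything else is dropped."""
    text = KNOWN_MESSAGES.get(message) if message is not None else None
    if text is None:
        return ""
    return '<div class="message">' + html.escape(text, quote=True) + "</div>"


if __name__ == "__main__":
    value = extract_message(POC_PATH)
    print("decoded  :", value)
    print("unescaped:", render_unescaped(value))
    print("escaped  :", render_escaped(value))
    print("checked  :", repr(render_checked(value)))
    print("known key:", render_checked("loggedout"))
```

The same comparison works as a regression test: request the login page with a marker value in the "message" segment and assert that the response body contains no raw `<` from that value.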