The SquirrelMail Address Add 1.4.2 plugin contains a cross-site scripting vulnerability. It fails to properly sanitize user-supplied input, allowing an attacker to execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Details: squirrelmail-address-xss matched at honey.scanme.sh
Protocol: HTTP
Full URL: https://honey.scanme.sh/plugins/address_add/add.php?first=HOVER%20ME!%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E
Timestamp: Tue Apr 30 13:42:05 +0000 UTC 2024
Source: https://cloud.projectdiscovery.io/vuln/4b0e0520b8a222cec29b3c746a2cbf30
Generated by Nuclei v3.2.5