Tempinbox.com
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Tempinbox.com
- From: luny@xxxxxxxxxxxxxxx
- Date: 10 Jun 2006 07:54:36 -0000
Tempinbox.com
Homepage:
http://www.tempinbox.com
Affected files:
checkmail.pl
Description:
Tempinbox.com is a free, throwaway, no-sending email service. You enter an
account name and you can instantly check email.
XSS Vulnerability:
It seems the title of emails and subjects are not sanitized, so if a user were
to put <IMG SRC=javascript:alert('XSS')> as a title or subject of an email, and
then someone went to view it, an XSS attack could occur.
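
Added example (not part of the original post and not Tempinbox's code): a Python sketch of the output encoding a mail viewer needs when it lists message headers, shown beside the unescaped rendering the advisory describes. The message, addresses and function names are constructed for illustration; headers are decoded from RFC 2047 form first so the escaping is applied to the text the browser would actually receive.

```python
import html
from email import message_from_string
from email.header import decode_header, make_header

# Constructed sample message. The Subject carries the string quoted in the
# advisory; the From display name hides markup inside an RFC 2047 encoded-word
# (base64 of "<b>bold</b>").
RAW_MESSAGE = (
    "From: =?utf-8?b?PGI+Ym9sZDwvYj4=?= <sender@example.com>\n"
    "To: anyname@tempinbox.example\n"
    "Subject: <IMG SRC=javascript:alert('XSS')>\n"
    "\n"
    "body\n"
)


def header_text(msg, name):
    """Return a header as plain text, with RFC 2047 encoded-words decoded.

    Decoding must happen before escaping: escaping the raw header would leave
    the encoded-word untouched, and markup would appear once it is decoded.
    """
    raw = msg.get(name, "")
    return str(make_header(decode_header(raw)))


def render_row_unsafe(msg):
    """Behaviour the advisory describes: header text interpolated as-is."""
    return f"<tr><td>{msg['From']}</td><td>{msg['Subject']}</td></tr>"


def render_row(msg):
    """Inbox-listing row with every header value HTML-escaped at output."""
    sender = html.escape(header_text(msg, "From"), quote=True)
    subject = html.escape(header_text(msg, "Subject"), quote=True)
    return f"<tr><td>{sender}</td><td>{subject}</td></tr>"


if __name__ == "__main__":
    message = message_from_string(RAW_MESSAGE)
    print("unescaped:", render_row_unsafe(message))
    print("escaped:  ", render_row(message))
```

Escaping at the point of output covers every header the page displays, which is why the sender field is treated the same way as the subject here.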