Cross-Site Scripting (XSS) in DonWeb Ferozo Webmail (CVE-2024-50962)

Description

A Cross-Site Scripting (XSS) vulnerability in Ferozo Webmail v1.1 allows attackers to execute arbitrary scripts via the Identities and Automatic Responses components. This vulnerability can be used to hijack user sessions, conduct phishing attacks, and steal credentials.

Attack Complexity

  • Low

Privileges Required

  • None

User Interaction

  • Required (Users need to interact with the component containing the injected script.)

Affected Components

  • Identities Page and Automatic Responses: Insufficient input validation allows malicious script injection.

Impact

  • Session Hijacking: Attackers can control user sessions.
  • Phishing: Embedded iframes can be used to conduct phishing attacks.

Remediation

  • Input Sanitization: Implement robust input validation and sanitization.
  • XSS Filtering: Apply a Content Security Policy (CSP) to prevent unauthorized script execution.
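As an added illustration of the two remediation points above (example code written for this page, not code from the Ferozo project or from the advisory), a server-side rendering helper that HTML-encodes the Identities display name and the Automatic Responses message before they reach the page, plus a Content Security Policy header as a second layer. The field shapes and sample values are constructed assumptions.

```python
import html

# Constructed test fixtures standing in for a webmail "Identities" display
# name and an "Automatic Responses" message (assumed field shapes, not data
# taken from the advisory).
SAMPLE_DISPLAY_NAME = 'Alice <script>alert(document.cookie)</script>'
SAMPLE_AUTO_REPLY = 'Out of office <iframe src="https://example.invalid/login"></iframe>'


def escape_for_html(value: str) -> str:
    """Encode a user-supplied value for an HTML text or quoted-attribute context.

    Angle brackets, ampersands and both quote characters become entities, so
    the browser renders the value as text instead of parsing it as markup.
    """
    return html.escape(value, quote=True)


def render_identity_row(display_name: str, email: str) -> str:
    """Return one table row of the Identities page with every field encoded."""
    return (
        f"<tr><td>{escape_for_html(display_name)}</td>"
        f"<td>{escape_for_html(email)}</td></tr>"
    )


def render_auto_reply_preview(message: str) -> str:
    """Return the stored auto-reply text as an encoded preview block."""
    return f'<pre class="auto-reply">{escape_for_html(message)}</pre>'


def csp_header() -> dict:
    """Response header for the webmail UI as a second layer of defence.

    Output encoding is the primary fix; the policy limits what an injected
    payload could do if a field were ever missed: no inline scripts, and
    frame-src 'none' blocks the embedded-iframe phishing described above.
    """
    policy = "; ".join([
        "default-src 'self'",
        "script-src 'self'",
        "frame-src 'none'",
        "object-src 'none'",
        "base-uri 'self'",
    ])
    return {"Content-Security-Policy": policy}
```

Encoding must match the context the value lands in: these helpers cover HTML text and quoted attributes, and a value placed inside a script block or URL needs its own encoder.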

CVE-2024-50962
Reported by Facundo Fernandez (Security Researcher)
