Email.Attachment.MIME.JPG.XSS
Description
This threat sends an email attachment with a .jpg extension but a MIME content type of text/html. This causes the SqWebMail email application to execute the JavaScript contained inside. This JavaScript can be used to create a cross-site scripting situation in which the attacker can create and delete email without user intervention.
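The following is an added example, not part of the original advisory or any vendor code: a Python check, of the kind a mail gateway could run, that flags the mismatch described above, where a part's file name ends in an image extension while its declared Content-Type is HTML. The sample message, its addresses, and the extension and type lists are constructed for illustration.

```python
import email
import os
from email import policy

# Assumed lists for this example; extend to match local policy.
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}
MARKUP_TYPES = {"text/html", "application/xhtml+xml"}

def mismatched_parts(raw_bytes):
    """Return (filename, declared_type) for every MIME part that is named
    like an image but declared as browser-renderable markup."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        # get_filename() checks Content-Disposition, then Content-Type name=
        filename = part.get_filename()
        if not filename:
            continue
        ext = os.path.splitext(filename.strip())[1].lower()
        declared = part.get_content_type()  # normalized to lower case
        if ext in IMAGE_EXTS and declared in MARKUP_TYPES:
            findings.append((filename, declared))
    return findings

# Constructed sample: one mismatched part and one genuine image part.
SAMPLE = (
    b"From: sender@example.com\r\n"
    b"To: user@example.com\r\n"
    b"Subject: holiday photos\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n\r\n"
    b"See attached.\r\n"
    b"--b1\r\n"
    b'Content-Type: text/html; name="beach.jpg"\r\n'
    b'Content-Disposition: attachment; filename="beach.jpg"\r\n\r\n'
    b"<html><body>placeholder markup</body></html>\r\n"
    b"--b1\r\n"
    b'Content-Type: image/jpeg; name="real.JPG"\r\n'
    b'Content-Disposition: attachment; filename="real.JPG"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"/9j/4AAQ\r\n"
    b"--b1--\r\n"
)

if __name__ == "__main__":
    for name, ctype in mismatched_parts(SAMPLE):
        print(f"flag: {name!r} declared as {ctype}")
```

A gateway that finds such a part can quarantine the message or rewrite the part's type to application/octet-stream so that a webmail client does not render it inline.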
Affected Products
Inter7 SqWebMail 4.0.5
Inter7 SqWebMail 4.0.4.20040524
Inter7 SqWebMail 3.6.1
Inter7 SqWebMail 3.6.0
Inter7 SqWebMail 3.5.3
Inter7 SqWebMail 3.5.2
Inter7 SqWebMail 3.5.1
Inter7 SqWebMail 3.5.0
Inter7 SqWebMail 3.4.1
Impact
System compromise.
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-12-11 | 16.978 |