ID de Prueba:	1.3.6.1.4.1.25623.1.0.100202
Categoría:	Web application abuses
Título:	Matt Wright FormMail HTTP Response Splitting and XSS Vulnerabilities
Resumen:	FormMail is prone to an HTTP response splitting vulnerability; and multiple cross-site scripting (XSS) vulnerabilities because it fails to properly sanitize; user-supplied input.
Descripción:	Summary: FormMail is prone to an HTTP response splitting vulnerability and multiple cross-site scripting (XSS) vulnerabilities because it fails to properly sanitize user-supplied input. Vulnerability Impact: An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and influence how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust. Affected Software/OS: These issues affect FormMail 1.92, prior versions may also be affected. Solution: Upgrade to the latest version. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1776 BugTraq ID: 34929 http://www.securityfocus.com/bid/34929 Bugtraq: 20090512 FormMail 1.92 Multiple Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/503446/100/0/threaded http://www.ush.it/team/ush/hack-formmail_192/adv.txt http://secunia.com/advisories/35068
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.