2020-08-26 10:01
CVE-2020-5540
CyberSolutions CyberMail Cross-Site Scripting
Current Description
In CyberMail version 5 or later version has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication.
The code can executed for any user accessing the page. This vulnerability affects many mail system of governments, organizations, companies and universities.
Details
The injection point is ACTION parameter.
We execute arbitrary code via ACTION paramemer without authentication.
Description
We can execute arbitrary code without authentication.
Contributor
- Tony Kuo (CHT Security)