Intrusion Prevention

Mailtraq.Browse.ASP.XSS

Description

This indicates that an attacker attempted a cross-site scripting (XSS) attack against Mailtraq. Mailtraq does not properly sanitize HTTP requests, which makes it vulnerable to cross-site scripting attacks. An attacker can take advantage of this programming error by manipulating the "cfolder" URI parameter of the browse.asp script. The attacker then sends the crafted link to a user; if the user opens that link, the attacker-supplied code is executed.
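For defenders reviewing web server logs for this activity, the following is an added example (not part of the signature or any vendor code) that flags requests to browse.asp whose decoded "cfolder" value contains markup. The common-log-format layout, the sample log lines and the heuristic pattern are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Heuristic (assumption): a folder name should not contain markup characters,
# script URLs or inline event handlers. Matched after full decoding.
SUSPICIOUS = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.IGNORECASE)
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_request(uri):
    """Return the decoded cfolder value if it looks like injected markup, else None."""
    parts = urlsplit(uri)
    if not parts.path.lower().endswith("/browse.asp"):
        return None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == "cfolder":
            value = decode_fully(value)  # parse_qsl has already decoded once
            if SUSPICIOUS.search(value):
                return value
    return None

def scan_log(lines):
    """Return [(client, decoded cfolder)] for flagged requests in the log lines."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if m and (value := check_request(m.group(2))) is not None:
            hits.append((m.group(1), value))
    return hits

# Constructed sample log lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /browse.asp?cfolder=Inbox HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /browse.asp?cfolder=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 734',
    '192.0.2.45 - - [01/Jan/2024:10:00:09 +0000] "GET /browse.asp?cfolder=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 701',
    '192.0.2.46 - - [01/Jan/2024:10:00:12 +0000] "GET /default.asp?cfolder=%3Cb%3E HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for client, value in scan_log(SAMPLE_LOG):
        print(f"{client}: suspicious cfolder value {value!r}")
```

A hit means the request matched the heuristic, not that the server was vulnerable or that a user opened the link; correlate with the Mailtraq version in use.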

Affected Products

Fastraq Mailtraq 2.2

Impact

Compromise of the affected system.

Recommended Actions

Apply the appropriate patch from the vendor, or upgrade to a non-vulnerable version if available.
