Release date:
Updated on:
Affected Systems:
HiveMail 1.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 55102
HiveMail is a web-based mail system that uses a PHP front end and a MySQL back-end database.
HiveMail 1.41F Build 103 and other versions contain a security vulnerability in their implementation: input passed via HTML email is not properly filtered before it is used. As a result, arbitrary HTML and script code can be inserted and, once the message is viewed, executed in the browser of a user of the affected site.
<* Source: Shai rod
Link: http://secunia.com/advisories/50317/
http://www.exploit-db.com/exploits/20672/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
HiveMail
--------
The vendor has not currently provided a patch or upgrade. Users of the software should watch the vendor's homepage for the latest version:
http://www.hivemail.com/
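
The description above attributes the issue to HTML email input that is not properly filtered before display. The PHP below is an added example, not HiveMail code and not a vendor fix: it shows an allowlist filter of the kind a webmail view can apply to an HTML mail body before rendering it. The function names, the tag and attribute lists, and the sample message are assumptions made for illustration.

```php
<?php
// Added example, not HiveMail code. The allowlists below are assumptions.
const KEEP_TAGS  = ['a', 'b', 'blockquote', 'br', 'div', 'em', 'i', 'li', 'ol', 'p', 'span', 'strong', 'u', 'ul'];
const KEEP_ATTRS = ['a' => ['href', 'title']];
const DROP_WHOLE = ['script', 'style', 'iframe', 'object', 'embed', 'form', 'svg', 'math', 'template'];

function clean_children(DOMNode $parent): void {
    foreach (iterator_to_array($parent->childNodes) as $child) {
        if ($child instanceof DOMText) { continue; }       // text is escaped again on output
        if (!($child instanceof DOMElement) || in_array($child->nodeName, DROP_WHOLE, true)) {
            $parent->removeChild($child);                  // comments, PIs, active elements and their content
            continue;
        }
        clean_children($child);                            // clean descendants first
        if (!in_array($child->nodeName, KEEP_TAGS, true)) {
            while ($child->firstChild) {                   // unknown tag: keep only its cleaned content
                $parent->insertBefore($child->firstChild, $child);
            }
            $parent->removeChild($child);
            continue;
        }
        foreach (iterator_to_array($child->attributes) as $attr) {
            $name = strtolower($attr->nodeName);
            $ok = in_array($name, KEEP_ATTRS[$child->nodeName] ?? [], true);
            // Links must be absolute web or mail URLs; every other scheme is rejected.
            $ok = $ok && ($name !== 'href' || preg_match('#^(https?://|mailto:)#i', $attr->value) === 1);
            if (!$ok) { $child->removeAttributeNode($attr); }   // event handlers, style, src, ...
        }
    }
}

function sanitize_mail_html(string $html): string {
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);              // mail HTML is rarely well-formed
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) { return ''; }
    clean_children($body);
    $out = '';
    foreach ($body->childNodes as $node) { $out .= $doc->saveHTML($node); }
    return $out;
}

// Constructed sample message body.
$mail = '<p onclick="x()">Hi <b>there</b></p><script>x()</script>'
      . '<a href="javascript:x()">a</a> <a href="https://example.com/">b</a>';
echo sanitize_mail_html($mail), "\n";
```

Images are dropped here because `img` is not on the allowlist. In production, a maintained sanitizer such as HTML Purifier is preferable to a hand-written filter.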