• info
• discussion
• exploit
• solution
• references

SqWebMail HTML Email Script Tag Script Injection Vulnerability

An exploit is not required.

The following proof of concept is available:
<!--[if IE]>
<script>alert("Vulnerable!");</script>
<![endif]-->