
https://www.pluginvulnerabilities.com/2017/06/29/reflected-cross-site-scripting-xss-vulnerability-in-postman-smtp/

We recently found that the plugin Postman SMTP contains a reflected cross-site scripting (XSS) vulnerability.

On line 346 of the file /Postman/Postman-Email-Log/PostmanEmailLogController.php the value of GET or POST input “page” is output without being escaped:

value="<?php echo $_REQUEST['page'] ?>" />

While the GET input “page” needs to be set to “postman_email_log” for that code to run, the POST input
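
The unescaped echo shown above next to an output-encoded form, as an added example that is not code from the original post or from the plugin. The function names, the surrounding input tag and the sample values are assumptions constructed for illustration.

```php
<?php
// Added example, stand-alone PHP. Not the plugin's code.
// Function names and the <input> wrapper are hypothetical; the advisory
// only shows the value="..." fragment.

/** The pattern from the advisory: request value placed in an attribute as-is. */
function render_page_field_unescaped(array $request): string
{
    return '<input type="hidden" name="page" value="' . $request['page'] . '" />';
}

/** Hardened form: reject non-strings, then encode for the attribute context. */
function render_page_field(array $request): string
{
    // page[]=x arrives as an array; treat anything but a string as empty.
    $page = (isset($request['page']) && is_string($request['page']))
        ? $request['page']
        : '';

    // ENT_QUOTES encodes both quote styles so the value cannot close the
    // attribute. Inside WordPress, esc_attr() is the usual call for this.
    $safe = htmlspecialchars($page, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<input type="hidden" name="page" value="' . $safe . '" />';
}

// Constructed sample inputs: the expected slug, and a harmless marker
// value containing a double quote.
$samples = [
    ['page' => 'postman_email_log'],
    ['page' => 'x" data-injected="1'],
];

foreach ($samples as $request) {
    echo "unescaped: ", render_page_field_unescaped($request), PHP_EOL;
    echo "escaped:   ", render_page_field($request), PHP_EOL, PHP_EOL;
}
```

With the second sample, the unescaped output contains an extra data-injected attribute on the element, while the escaped output keeps the whole string inside value.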

Source: Security Feed
