Hello,
Currently I'm using the latest qmailadmin-toaster-1.2.11, but it
still appears to be vulnerable to cross-site scripting (XSS). May I know
if there is any way to fix the following problem?
Thanks.

*Method* POST Protocol http Port 80
*Path* /qmailadmin/index.cgi
*Post*
    username=postmaster
    domain=0
    password=0
    returnhttp=>"><script>alert('xss')</script><"
    returntext=0
*Headers* Content-Type=application%2Fx-www-form-urlencoded

*Method* POST Protocol http Port 80
*Path* /qmailadmin/index.cgi/passwd/
*Post*
    address=0
    oldpass=0
    newpass1=0
    newpass2=0
    returntext=0
    returnhttp=>"><script>alert('xss')</script><"
*Headers* Content-Type=application%2Fx-www-form-urlencoded