Security consultant and researcher
Long experience in designing and implementation of security solutions, mainly oriented on web, mobile and embedded applications. Author of penetration testing tools, recognized by OWASP organization and BackTrack Linux distribution. Researching work includes discovery of vulnerabilities of numeral applications and services, and for these, author received public apreciations by Microsoft Company..
Cross site scripting in HTML filter
- A cross-site scripting (XSS) vulnerability was discovered, which allows to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. This can be triggered when viewing a malicious email message in HTML mode.
- Affected Versions:
- 1.4.0 - 1.4.16
- Register Globals:
- Register_globals does not have to be on for this issue.
- CVE ID(s):
- view patch
- Thanks to Ivan Markovic and Secunia.
- This page last updated:
- 2008-12-07 14:47:11