PCI Compliance Failed: IlohaMail 0.8.10 contains an XSS vulnerability

**yenmax** · 2 Aug 2012, 05:33 AM

I am getting emails from Security Metrics about PCI compliance. My website has 3 failing areas. Here are the failing messages:

Title: Web server vulnerability Impact: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests that contain specific QUERY strings. Risk Factor: Medium/ CVSS2 Base Score: 5.0

2. Title: Web server vulnerability Impact: /webmail/blank.html: IlohaMail 0.8.10 contains an XSS vulnerability. Previous versions contain other non-descript vulnerabilities. Risk Factor: Medium/ CVSS2 Base Score: 4.0
3. Title: Web server vulnerability Impact: /IlohaMail/blank.html: IlohaMail 0.8.10 contains a XSS vulnerability. Previous versions contain other non-descript vulnerabilities. Risk Factor: Medium/ CVSS2 Base Score: 4.0

Please help, Thank you so much.

**RodG** · 2 Aug 2012, 06:08 AM

Originally Posted by yenmax

2. Title: Web server vulnerability Impact: /webmail/blank.html: IlohaMail 0.8.10 contains an XSS vulnerability. Previous versions contain other non-descript vulnerabilities. Risk Factor: Medium/ CVSS2 Base Score: 4.0
3. Title: Web server vulnerability Impact: /IlohaMail/blank.html: IlohaMail 0.8.10 contains a XSS vulnerability. Previous versions contain other non-descript vulnerabilities. Risk Factor: Medium/ CVSS2 Base Score: 4.0
Please help, Thank you so much.

Yours is not a ZenCart issue. The problem is with /IlohaMail/ and /webmail/

Cheers
Rod

Thread: PCI Compliance Failed: IlohaMail 0.8.10 contains an XSS vulnerability

Thread Tools

Search Thread

Display

PCI Compliance Failed: IlohaMail 0.8.10 contains an XSS vulnerability

Re: PCI Compliance Failed

Similar Threads

XSS Vulnerability in v1.3.7

Bookmarks

Bookmarks

Posting Permissions