<<< Date Index >>>     <<< Thread Index >>>

Tempinbox.com



Tempinbox.com

Homepage:
http://www.tempinbox.com

Effected files:
checkmail.pl

Description:

Tempinbox.com is a free throw away, no sending email service. You enter an 
account name and you can instantly check email.

XSS Vulnerability:

It seems the title of emails and subjects are not sanatized, so if a user was 
to put <IMG SRC=javascript:alert('XSS')> as a title or subject of aemail, and 
then someone went to view it, an XSS attack could occur.