Miliaris Amigdala Cross-Site Scripting Vulnerability in Email Manager Function
Vulnerability
A reflected cross-site scripting (XSS) vulnerability has been identified in the email manager function of Miliaris Amigdala version 2.2.6. It allows attackers to execute arbitrary HTML in the context of a user's browser by using a crafted payload. The vulnerability is triggered by a crafted URL that exploits the application's handling of specific parameters.
Impact
Successful exploitation lets an attacker execute arbitrary JavaScript in the victim's browser. This could be used to steal cookies, session tokens, or other sensitive information accessible to the user.
Reproduction
To reproduce this vulnerability, send a request to the email manager function of Miliaris Amigdala v2.2.6, including a crafted payload in the reportEngineId parameter. The application will reflect the payload back to the user's browser, executing the embedded HTML or JavaScript.
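A log check for the request pattern described above, added here as an example and not taken from the advisory or the product's code: it flags reportEngineId values that are not plain identifiers, even after repeated URL-decoding. The request path, the identifier format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

PARAM = "reportEngineId"  # parameter named in the advisory
# Assumption: legitimate IDs are short alphanumeric tokens; adjust to the real format.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Request field of a common/combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; the /example/emailManager path is hypothetical.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /example/emailManager?reportEngineId=42 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /example/emailManager?reportEngineId=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 530',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /example/emailManager?reportEngineId=%253Cb%253E HTTP/1.1" 200 530',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so that %253C is seen as '<'."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_values(log_line):
    """Return decoded reportEngineId values that fall outside the allowlist."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group(1)).query
    hits = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name == PARAM:
            decoded = fully_decode(value)  # parse_qsl already decoded once
            if not SAFE_VALUE.fullmatch(decoded):
                hits.append(decoded)
    return hits


if __name__ == "__main__":
    for number, line in enumerate(SAMPLE_LOG, 1):
        for value in suspicious_values(line):
            print(f"line {number}: suspicious {PARAM} value {value!r}")
```

Values sent in a POST body do not appear in access logs, so this check only covers the parameter when it is carried in the URL.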
