VULHUB ™

Message Foundry is reportedly prone to multiple vulnerabilities. An HTML injection vulnerability was reported that can be exploited by submitting a value for the "NAME" input field that contains HTML and script code. This could permit execution of hostile HTML and script code in the security context of the site hosting the software. The software is also reported to store the administrative password in plaintext in the MF.ini file. An additional issue is reported that may permit an attacker to change another user's password if they are in the say public or private area of an affected site.

Message Foundry is reportedly prone to multiple vulnerabilities. An HTML injection vulnerability was reported that can be exploited by submitting a value for the "NAME" input field that contains HTML and script code. This could permit execution of hostile HTML and script code in the security context of the site hosting the software. The software is also reported to store the administrative password in plaintext in the MF.ini file. An additional issue is reported that may permit an attacker to change another user's password if they are in the say public or private area of an affected site.