XSS Vulnerability in ZendTo Messaging Platform by Zend Technologies
CVE-2013-6808

Currently unrated

Key Information:

Vendor: Zend
Status: Zendto
Vendor: CVE Published:; 28 December 2013

What is CVE-2013-6808?

An XSS vulnerability exists in the ZendTo messaging platform that could allow attackers to exploit web applications by injecting malicious scripts. This occurs via a manipulated email address field when processing requests through the pickup.php script. Attackers can execute their own scripts in the context of the user's session, potentially leading to data theft or unauthorized actions.

References

https://www.packetlabs.net/cve-2013-6808/

x_refsource_MISC

http://www.zend.to/changelog.php

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 28, 2013
Vulnerability Reserved
Nov 19, 2013