Full title: phlyMail Lite 4.03.04 Path Disclosure / XSS Vulnerabilities 
Category: web applications
Platform: php
phlyMail suffers from multiple stored XSS vulnerabilities (post-auth)
and Path Disclosure when input passed via several parameters to several scripts
is not properly sanitized before being returned to the user. This can be exploited
to execute arbitrary HTML and script code in a user's browser session in context
of an affected site and displaying the full webapp installation path.

# 0day.today @ http://0day.today/