Cross-site scripting (XSS) vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to inject arbitrary web script or HTML via a crafted filename.
Credit:
The information has been provided by TAGAWA Takao.
Vulnerable Systems:
* TAGAWA Takao TransmitMail 1.0.11 through 1.5.8
Immune Systems:
* TAGAWA Takao TransmitMail after 1.5.8
TransmitMail is a PHP based mail form. TransmitMail contains a cross-site scripting (CWE-79) vulnerability due to the processing of file names. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.