We recently found that the plugin Postman SMTP contains a reflected cross-site scripting (XSS) vulnerability.

On line 346 of the file /Postman/Postman-Email-Log/PostmanEmailLogController.php the value of the GET or POST input "page" is output without being escaped:

value="<?php echo $_REQUEST['page'] ?>" />

While the GET input "page" needs to be set to "postman_email_log" for that code to run, the POST input
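As an added illustration (not the plugin's own code), the snippet below places the unsafe pattern from the advisory next to a hardened version. The function names `render_page_field_unsafe` and `render_page_field_safe`, the `esc_attr()` fallback and the sample input are assumptions for this example; inside WordPress the real `esc_attr()` would be used, and the hardened version additionally pins the value to the one this screen expects rather than reflecting whatever arrives in the request.

```php
<?php
// Added example, not the plugin's code. Assumes WordPress's esc_attr() when available;
// outside WordPress the fallback below applies htmlspecialchars() for the attribute context.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }
}

// Vulnerable pattern: the request value is written straight into an HTML attribute,
// mirroring value="<?php echo $_REQUEST['page'] ?>" from the advisory.
function render_page_field_unsafe(array $request) {
    $page = isset($request['page']) ? (string) $request['page'] : '';
    return '<input type="hidden" name="page" value="' . $page . '" />';
}

// Hardened version: escape for the attribute context, and only accept the single value
// this screen is expected to run with ("postman_email_log", as the advisory notes).
function render_page_field_safe(array $request) {
    $page = isset($request['page']) ? (string) $request['page'] : '';
    if ($page !== 'postman_email_log') {
        $page = 'postman_email_log'; // constrain to the expected value instead of reflecting input
    }
    return '<input type="hidden" name="page" value="' . esc_attr($page) . '" />';
}

// Constructed input (not from the page) containing characters that would close the
// attribute in the unsafe version; the hardened version neutralises them.
$constructed = ['page' => 'postman_email_log"><b>x</b>'];
echo render_page_field_unsafe($constructed), PHP_EOL;
echo render_page_field_safe($constructed), PHP_EOL;
```

Running it prints the unsafe markup with the attribute terminated early, followed by the hardened markup in which the injected characters have been entity-encoded. Escaping with `esc_attr()` (or `htmlspecialchars()` with `ENT_QUOTES`) is the minimal fix; validating the value against the expected constant is the additional defence when only one value is legitimate.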
