https://www.exploit-db.com/exploits/22730

漏洞细节尚未披露

source: http://www.securityfocus.com/bid/7813/info

Mailtraq is vulnerable to cross-site scripting attacks. The vulnerability exists due to insufficient sanitization of HTTP requests to the vulnerable Mailtraq server.

An attacker can exploit this vulnerability by manipulating the 'cfolder' URI parameter to the browse.asp script and sending a link to a victim user. If this link is visited, the attacker-supplied code may be rendered in the browser of the user who visit the malicious link. 

http://www.example.org/browse.asp?<script>alert(document.cookie)</script>