Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

SquirrelMail Virtual Keyboard <=0.9.1 - Cross-Site Scripting

By kannthu

Vidoc logoVidoc Module

SquirrelMail Virtual Keyboard <=0.9.1 - Cross-Site Scripting

What is the "SquirrelMail Virtual Keyboard <=0.9.1 - Cross-Site Scripting?"

The "SquirrelMail Virtual Keyboard <=0.9.1 - Cross-Site Scripting" module is designed to detect a cross-site scripting vulnerability in the SquirrelMail Virtual Keyboard plugin version 0.9.1 and earlier. This plugin allows users to input text using a virtual keyboard. The severity of this vulnerability is classified as medium.


A cross-site scripting vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. In the case of the SquirrelMail Virtual Keyboard plugin, this vulnerability could be exploited to execute arbitrary code or steal sensitive information from users.

How the module works?

The module sends an HTTP GET request to the vulnerable endpoint: /plugins/vkeyboard/vkeyboard.php?passformname=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E. It then applies several matching conditions to determine if the vulnerability is present:

- The response status code must be 200. - The response body must contain the string </script><script>alert(document.domain)</script>. - The response header must contain the string text/html.

If all the matching conditions are met, the module reports the vulnerability.

Author: dhiyaneshDk


CVSS-Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS-Score: 5.4

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
status: 200and
word: </script><script>alert(document.domain)<...and
word: text/html
Passive global matcher
No matching conditions.
On match action
Report vulnerability