4.3

CVE-2004-1719

Exploit

Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MerakMail Server Version7.4.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.82% 0.733
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
http://secunia.com/advisories/12269
Patch
Vendor Advisory
Exploit
http://www.osvdb.org/9037
Patch
Vendor Advisory
http://www.osvdb.org/9038
Patch
Vendor Advisory
http://www.osvdb.org/9039
Patch
Vendor Advisory
http://www.osvdb.org/9040
Patch
Vendor Advisory
http://www.osvdb.org/9041
Patch
Vendor Advisory
http://www.osvdb.org/9042
Patch
Vendor Advisory
http://www.securityfocus.com/bid/10966
Patch
Vendor Advisory
Exploit