4.3

CVE-2004-1719

Exploit
Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MerakMail Server Version7.4.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.01% 0.911
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://marc.info/?l=bugtraq&m=109279057326044&w=2
http://packetstormsecurity.nl/0408-exploits/merak527.txt
Patch
Vendor Advisory
Exploit
http://secunia.com/advisories/12269
Patch
Vendor Advisory
Exploit
http://securitytracker.com/id?1010969
http://www.osvdb.org/9037
Patch
Vendor Advisory
http://www.osvdb.org/9038
Patch
Vendor Advisory
http://www.osvdb.org/9039
Patch
Vendor Advisory
http://www.osvdb.org/9040
Patch
Vendor Advisory
http://www.osvdb.org/9041
Patch
Vendor Advisory
http://www.osvdb.org/9042
Patch
Vendor Advisory
http://www.securityfocus.com/bid/10966
Patch
Vendor Advisory
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/17024