4.3

CVE-2010-3201

Exploit
Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NetwinSurgemail Version <= 4.2d4-4
NetwinSurgemail Version1.0c
NetwinSurgemail Version1.0d
NetwinSurgemail Version1.1a
NetwinSurgemail Version1.1b
NetwinSurgemail Version1.1c
NetwinSurgemail Version1.1d
NetwinSurgemail Version1.2a
NetwinSurgemail Version1.2b
NetwinSurgemail Version1.2c
NetwinSurgemail Version1.3a
NetwinSurgemail Version1.3a_rc1
NetwinSurgemail Version1.3b
NetwinSurgemail Version1.3c
NetwinSurgemail Version1.3d
NetwinSurgemail Version1.3e
NetwinSurgemail Version1.3f
NetwinSurgemail Version1.3g
NetwinSurgemail Version1.3h
NetwinSurgemail Version1.3i
NetwinSurgemail Version1.3j
NetwinSurgemail Version1.3k
NetwinSurgemail Version1.3l
NetwinSurgemail Version1.4a
NetwinSurgemail Version1.4b
NetwinSurgemail Version1.4c
NetwinSurgemail Version1.5a
NetwinSurgemail Version1.5b
NetwinSurgemail Version1.5c
NetwinSurgemail Version1.5d
NetwinSurgemail Version1.5d2
NetwinSurgemail Version1.5f
NetwinSurgemail Version1.6a
NetwinSurgemail Version1.6b
NetwinSurgemail Version1.6d
NetwinSurgemail Version1.6e
NetwinSurgemail Version1.6e2
NetwinSurgemail Version1.7a
NetwinSurgemail Version1.7b3
NetwinSurgemail Version1.8a
NetwinSurgemail Version1.8b3
NetwinSurgemail Version1.8d
NetwinSurgemail Version1.8e
NetwinSurgemail Version1.8f
NetwinSurgemail Version1.8g3
NetwinSurgemail Version1.9
NetwinSurgemail Version1.9b2
NetwinSurgemail Version2.0a2
NetwinSurgemail Version2.0c
NetwinSurgemail Version2.0e
NetwinSurgemail Version2.0g2
NetwinSurgemail Version2.1a
NetwinSurgemail Version2.1c7
NetwinSurgemail Version2.2a6
NetwinSurgemail Version2.2c9
NetwinSurgemail Version2.2c10
NetwinSurgemail Version2.2g2
NetwinSurgemail Version2.2g3
NetwinSurgemail Version3.0a
NetwinSurgemail Version3.0c2
NetwinSurgemail Version3.1s
NetwinSurgemail Version3.2e
NetwinSurgemail Version3.5a
NetwinSurgemail Version3.5b3
NetwinSurgemail Version3.6d
NetwinSurgemail Version3.6f3
NetwinSurgemail Version3.6f5
NetwinSurgemail Version3.6f7
NetwinSurgemail Version3.7b
NetwinSurgemail Version3.7b3
NetwinSurgemail Version3.7b5
NetwinSurgemail Version3.7b6
NetwinSurgemail Version3.7b7
NetwinSurgemail Version3.7b8
NetwinSurgemail Version3.8a
NetwinSurgemail Version3.8b
NetwinSurgemail Version3.8d
NetwinSurgemail Version3.8f
NetwinSurgemail Version3.8f2
NetwinSurgemail Version3.8f3
NetwinSurgemail Version3.8i
NetwinSurgemail Version3.8i2
NetwinSurgemail Version3.8i3
NetwinSurgemail Version3.8k
NetwinSurgemail Version3.8k2
NetwinSurgemail Version3.8k3
NetwinSurgemail Version3.8k4
NetwinSurgemail Version3.8m
NetwinSurgemail Version3.8o
NetwinSurgemail Version3.8q
NetwinSurgemail Version3.8s
NetwinSurgemail Version3.8u
NetwinSurgemail Version3.9a
NetwinSurgemail Version3.9c
NetwinSurgemail Version3.9e
NetwinSurgemail Version3.9g
NetwinSurgemail Version3.9g2
NetwinSurgemail Version4.0a
NetwinSurgemail Version4.0k
NetwinSurgemail Version4.0u3
NetwinSurgemail Version4.0u4
NetwinSurgemail Version4.0v-8
NetwinSurgemail Version4.2a2-2
NetwinSurgemail Version4.2a2-3
NetwinSurgemail Version4.2a3-3
NetwinSurgemail Version4.2d-1
NetwinSurgemail Version4.2d2-2
NetwinSurgemail Version4.2d3-3
NetwinSurgemail Versionbeta_3.9a
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.88% 0.827
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.