1. CVE-Search
  2. CVE-2002-0411
ID CVE-2002-0411
Summary Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line.
References
Vulnerable Configurations
  • cpe:2.3:a:aeromail:aeromail:1.02:*:*:*:*:*:*:*
    cpe:2.3:a:aeromail:aeromail:1.02:*:*:*:*:*:*:*
  • cpe:2.3:a:aeromail:aeromail:1.10:*:*:*:*:*:*:*
    cpe:2.3:a:aeromail:aeromail:1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:aeromail:aeromail:1.20:*:*:*:*:*:*:*
    cpe:2.3:a:aeromail:aeromail:1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:aeromail:aeromail:1.26:*:*:*:*:*:*:*
    cpe:2.3:a:aeromail:aeromail:1.26:*:*:*:*:*:*:*
  • cpe:2.3:a:aeromail:aeromail:1.30:*:*:*:*:*:*:*
    cpe:2.3:a:aeromail:aeromail:1.30:*:*:*:*:*:*:*
  • cpe:2.3:a:aeromail:aeromail:1.40:*:*:*:*:*:*:*
    cpe:2.3:a:aeromail:aeromail:1.40:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 05-09-2008 - 20:27)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 4215
bugtraq 20020303 AeroMail multiple vulnerabilities
confirm http://the.cushman.net/projects/aeromail/download/aeromail-1.45.tar.gz
xf aeromail-subject-css(8346)
Last major update 05-09-2008 - 20:27
Published 12-08-2002 - 04:00
Last modified 05-09-2008 - 20:27
Back to Top