CVE-2004-2379 - Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for Windows allow remote attackers

CVE-2004-2379

Summary

Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for Windows allow remote attackers to inject arbitrary web script or HTML via (1) the Displayed Name attribute in util.pl and (2) the Folder attribute in showmail.pl.

References

http://members.lycos.co.uk/r34ct/main/@mail_3.64/@mail_3.64.txt
http://secunia.com/advisories/10978
http://www.osvdb.org/4066
http://www.osvdb.org/4067
http://www.securityfocus.com/bid/9748
http://www.securitytracker.com/alerts/2004/Feb/1009208.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/15324

Vulnerable Configurations

cpe:2.3:a:calacode:at_mail_webmail_system:3.64:*:*:*:*:*:*:*
cpe:2.3:a:calacode:at_mail_webmail_system:3.64:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 11-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	9748
misc	http://members.lycos.co.uk/r34ct/main/@mail_3.64/@mail_3.64.txt
osvdb	4066 4067
sectrack	1009208
secunia	10978
xf	atmail-util-xss(15324)

Last major update

11-07-2017 - 01:31

Published

31-12-2004 - 05:00

Last modified

11-07-2017 - 01:31