CVE-2006-0978 - Multiple cross-site scripting (XSS) vulnerabilities in the View Headers (aka viewheaders) functional

CVE-2006-0978

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the View Headers (aka viewheaders) functionality in ArGoSoft Mail Server Pro 1.8.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the Subject header, (2) the From header, and (3) certain other unspecified headers. This vulnerability affects ArGoSoft, Mail Server Pro version 1.8.8.5, and may affect all previous versions.

References

Vulnerable Configurations

cpe:2.3:a:argosoft:argosoft_mail_server:1.8.8.5:*:pro:*:*:*:*:*
cpe:2.3:a:argosoft:argosoft_mail_server:1.8.8.5:*:pro:*:*:*:*:*

CVSS

Base:	4.3 (as of 18-10-2018 - 16:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	16834
bugtraq	20060227 Secunia Research: ArGoSoft Mail Server Pro viewheaders ScriptInsertion
misc	http://secunia.com/secunia_research/2006-6/advisory/
osvdb	23512
secunia	18991
sreason	504
vupen	ADV-2006-0751
xf	argosoft-mailserverpro-viewheaders-xss(24945)

Last major update

18-10-2018 - 16:30

Published

03-03-2006 - 11:02

Last modified

18-10-2018 - 16:30