CVE-2006-5712 - Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows remote attackers to inject arbi

CVE-2006-5712

Summary

Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated using the width style for an IMG element.

References

http://marc.info/?l=full-disclosure&m=116232831525086&w=2
http://osvdb.org/33820
http://securitytracker.com/id?1017146
http://www.securityfocus.com/bid/20840
https://exchange.xforce.ibmcloud.com/vulnerabilities/29928

Vulnerable Configurations

cpe:2.3:a:mirapoint:mirapoint_webmail:*:*:*:*:*:*:*:*
cpe:2.3:a:mirapoint:mirapoint_webmail:*:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 20-07-2017 - 01:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

refmap via4

bid	20840
fulldisc	20061031 Cross Site Scripting (XSS) Vulnerability in Web Mail platform by "Mirapoint"
osvdb	33820
sectrack	1017146
xf	webmail-expression-xss(29928)

Last major update

20-07-2017 - 01:33

Published

04-11-2006 - 01:07

Last modified

20-07-2017 - 01:33