| Max CVSS | 6.8 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2002-1709 | 6.4 |
SQL injection vulnerability in BasiliX Webmail 1.10 allows remote attackers to obtain sensitive information or possibly modify data via the id variable.
|
11-07-2017 - 01:29 | 31-12-2002 - 05:00 | |
| CVE-2002-1708 | 6.8 |
Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields.
|
11-07-2017 - 01:29 | 31-12-2002 - 05:00 | |
| CVE-2002-1710 | 3.6 |
The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 does not check whether the attachment was uploaded by the user or came from a HTTP POST, which could allow local users to steal sensitive information like a password file.
|
11-07-2017 - 01:29 | 31-12-2002 - 05:00 | |
| CVE-2002-1711 | 2.1 |
BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX directory, which allows local users to read other users' attachments.
|
11-07-2017 - 01:29 | 31-12-2002 - 05:00 |