ID |
CVE-2005-0320
|
Summary |
Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to login.html, (2) accountid parameter to accountsettings_add.html, or the (3) note, (4) title, and (5) location fields to calendar.html. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 5.0 (as of 11-07-2017 - 01:32) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
NONE |
PARTIAL |
NONE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
refmap
via4
|
bid | 12396 | bugtraq | 20050128 Multiple vulnerabilities in Icewarp Web Mail 5.3.0: New holes | xf | merak-icewarp-multiple-xss(19147) |
|
Last major update |
11-07-2017 - 01:32 |
Published |
28-01-2005 - 05:00 |
Last modified |
11-07-2017 - 01:32 |