CVE-2004-1719

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/17024

http://www.osvdb.org/9042

http://www.osvdb.org/9041

http://www.osvdb.org/9040

http://www.osvdb.org/9039

http://www.osvdb.org/9038

http://www.osvdb.org/9037

http://securitytracker.com/id?1010969

http://marc.info/?l=bugtraq&m=109279057326044&w=2

Details

Source: Mitre, NVD

Published: 2004-08-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium