CVE-2006-3564

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the email, (2) cond, or (3) name parameters to (a) addressbook.view.php, (4) the daysprune parameter to (b) index.php, (5) the data[to] parameter to (c) compose.email.php, and (6) the markas parameter to (d) read.markas.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/27695

http://www.vupen.com/english/advisories/2006/2763

http://www.securityfocus.com/bid/18949

http://www.osvdb.org/27103

http://www.osvdb.org/27102

http://www.osvdb.org/27101

http://www.osvdb.org/27100

http://securitytracker.com/id?1016531

http://secunia.com/advisories/20993

http://pridels0.blogspot.com/2006/07/hivemail-vuln.html

Details

Source: Mitre, NVD

Published: 2006-07-13

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00791