MailReader < 2.3.36 network.cgi MIME Message XSS

Medium Nessus Network Monitor Plugin ID 2780

Synopsis

The remote host is vulnerable to an HTML injection attack.

Description

The remote host is running Mailreader, a web-based application that can be used to read email. This version of Mailreader is vulnerable to a remote HTML injection flaw. To exploit this flaw, an attacker would need to convince a Mailreader user to open a malicious email. Successful exploitation would result in the user's browser running code that appears to originate from the Mailreader server.

Solution

Upgrade to version 2.3.36 or higher.

Plugin Details

Severity: Medium

ID: 2780

File Name: 2780.prm

Family: CGI

Published: 2005/03/30

Modified: 2016/02/05

Dependencies: 8166

Nessus ID: 17657

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:ND

CVSSv3

Base Score: 3.6

Temporal Score: 3.4

Vector: CVSS3#AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS3#E:H/RL:O/RC:X

Reference Information

CVE: CVE-2005-0386

BID: 12945