MailReader < 2.3.36 network.cgi MIME Message XSS

Medium Nessus Network Monitor Plugin ID 2780


The remote host is vulnerable to an HTML injection attack.


The remote host is running Mailreader, a web-based application for reading email. This version of Mailreader is vulnerable to a remote HTML injection flaw. To exploit it, an attacker would need to convince a Mailreader user to open a malicious email. Successful exploitation would result in the user's browser running code that appears to originate from the Mailreader server.


Upgrade to version 2.3.36 or higher.

Plugin Details

Severity: Medium

ID: 2780

File Name: 2780.prm

Family: CGI

Published: 2005/03/30

Modified: 2016/02/05

Dependencies: 8166

Nessus ID: 17657

Risk Information

Risk Factor: Medium


CVSS v2

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:H/RL:OF/RC:ND


CVSS v3

Base Score: 3.6

Temporal Score: 3.4


Temporal Vector: CVSS3#E:H/RL:O/RC:X

Reference Information

CVE: CVE-2005-0386

BID: 12945