Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1719

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2004-1719
Last Modified 10 Sep 2008 03:31:51
Published 17 Aug 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-1719

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an tag, or (15) the subject of an e-mail message.

Vulnerable Systems

Application

  • Merak Mail Server 7.4.5


References

XF - merak-xss(17024)

BID - 10966

OSVDB - 9042

OSVDB - 9041

OSVDB - 9040

OSVDB - 9039

OSVDB - 9038

OSVDB - 9037

SECUNIA - 12269

MISC - http://packetstormsecurity.nl/0408-exploits/merak527.txt

BUGTRAQ - 20040817 Vulnerabilities in Merak Webmail Server

SECTRACK - 1010969


Last Updated: 27 May 2016 10:39:09