Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2334

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2004-2334
Last Modified 05 Sep 2008 04:43:50
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-2334

Summary

Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail.fcgi, (2) the folder parameter in emumail.fcgi, or Javascript in the (3) username or (4) password field in the login page.

Vulnerable Systems

Application

  • Emumail Emu Webmail 5.2.7


References

XF - emu-webmail-login-xss(15452)

XF - emu-webmail-emumail-xss(15451)

MISC - http://www.zone-h.com/advisories/read/id=4141

BID - 9861

OSVDB - 4972

OSVDB - 4204

SECTRACK - 1009397

SECUNIA - 11110

MISC - http://members.lycos.co.uk/r34ct/main/emu/emu.txt


Last Updated: 27 May 2016 10:39:26