Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2447

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2004-2447
Last Modified 05 Sep 2008 04:44:10
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-2447

Summary

Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.

Vulnerable Systems

Application

  • 1st Class Internet Solutions 1st Class Mail Server 4.01


References

XF - 1stclass-multiple-xss(15815)

BID - 10089

OSVDB - 5017

OSVDB - 5016

OSVDB - 5015

OSVDB - 5014

OSVDB - 5013

OSVDB - 5012

SECTRACK - 1009705

SECUNIA - 11330


Last Updated: 27 May 2016 10:39:29