Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2104

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2006-2104
Last Modified 07 Mar 2011 09:35:15
Published 29 Apr 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2104

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email System (kmail) 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter to main.php, ordner parameter to (2) main.php, or (3) webdisk.php, (4) draft parameter to compose.php, or (5) m, or (6) y parameter to calendar.php.

Vulnerable Systems

Application

  • Kmail 1.7.1

  • Kmail 2.3


References

VUPEN - ADV-2006-1564

SECUNIA - 19755

XF - kmail-multiple-scripts-xss(26117)

OSVDB - 25064

OSVDB - 25063

OSVDB - 25062

OSVDB - 25061

MISC - http://pridels0.blogspot.com/2006/04/kmail-23-vuln.html


Last Updated: 27 May 2016 10:42:20