Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2974

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2006-2974
Last Modified 07 Mar 2011 09:37:24
Published 12 Jun 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2974

Summary

Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 6.1.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errCode and (2) uid parameter in (a) default.asp and (3) dname parameter in (b) /admin/dns.asp and (c) /additional/regdomain_done.asp.

Vulnerable Systems

Application

  • Emailarchitect Email Server 6.1.0.5


References

VUPEN - ADV-2006-2213

SECTRACK - 1016237

SECUNIA - 20516

XF - emailarchitect-emailserver-xss(27005)


Last Updated: 27 May 2016 10:42:50