Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3564

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-3564
Last Modified 07 Mar 2011 09:38:56
Published 12 Jul 2006 09:05:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-3564

Summary

Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the email, (2) cond, or (3) name parameters to (a) addressbook.view.php, (4) the daysprune parameter to (b) index.php, (5) the data[to] parameter to (c) compose.email.php, and (6) the markas parameter to (d) read.markas.php.

Vulnerable Systems

Application

  • Hivemail 1.2

  • Hivemail 1.3


References

VUPEN - ADV-2006-2763

SECUNIA - 20993

XF - hivemail-multiple-scripts-xss(27695)

BID - 18949

OSVDB - 27103

OSVDB - 27102

OSVDB - 27101

OSVDB - 27100

SECTRACK - 1016531

MISC - http://pridels0.blogspot.com/2006/07/hivemail-vuln.html


Last Updated: 27 May 2016 10:43:02