Lucene search

[email protected]CVE-2002-0411

HistoryAug 12, 2002 - 4:00 a.m.

CVE-2002-0411

2002-08-1204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

aeromail

xss vulnerability

cve-2002-0411

script execution

email security

7.3 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.4%

JSON

Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line.

CPENameOperatorVersion
aeromail:aeromailaeromaileq1.30
aeromail:aeromailaeromaileq1.26
aeromail:aeromailaeromaileq1.20
aeromail:aeromailaeromaileq1.40
aeromail:aeromailaeromaileq1.02
aeromail:aeromailaeromaileq1.10

CPE	Name	Operator	Version
aeromail:aeromail	aeromail	eq	1.30
aeromail:aeromail	aeromail	eq	1.26
aeromail:aeromail	aeromail	eq	1.20
aeromail:aeromail	aeromail	eq	1.40
aeromail:aeromail	aeromail	eq	1.02
aeromail:aeromail	aeromail	eq	1.10

References

archives.neohapsis.com/archives/bugtraq/2002-03/0004.html

the.cushman.net/projects/aeromail/download/aeromail-1.45.tar.gz

www.iss.net/security_center/static/8346.php

www.securityfocus.com/bid/4215

7.3 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.009 Low

EPSS

Percentile

82.4%

JSON