Lucene search

[email protected]CVE-2004-1669

HistorySep 10, 2004 - 4:00 a.m.

CVE-2004-1669

2004-09-1004:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2004

1669

xss

vulnerability

merak mail server

icewarp web mail

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

64.4%

JSON

Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to execute arbitrary web script or HTML via the (1) User name parameter to accountsettings.html or (2) Search string parameter to search.html.

CPENameOperatorVersion
merak:mail_servermerak mail servereq7.4.5
icewarp:web_mailicewarp web maileq5.2.7
icewarp:web_mailicewarp web maileq5.2.8
icewarp:web_mailicewarp web maileq3.3.2

CPE	Name	Operator	Version
merak:mail_server	merak mail server	eq	7.4.5
icewarp:web_mail	icewarp web mail	eq	5.2.7
icewarp:web_mail	icewarp web mail	eq	5.2.8
icewarp:web_mail	icewarp web mail	eq	3.3.2

References

marc.info/?l=bugtraq&m=109483971420067&w=2

secunia.com/advisories/12789

www.securityfocus.com/bid/11371

exchange.xforce.ibmcloud.com/vulnerabilities/17313

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

64.4%

JSON

Related for CVE-2004-1669

nessus1