Lucene search

[email protected]CVE-2004-1719

HistoryFeb 26, 2005 - 5:00 a.m.

CVE-2004-1719

2005-02-2605:00:00

[email protected]

web.nvd.nist.gov

merak webmail server

xss

cross-site scripting

vulnerability

security

cve-2004-1719

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.012

Percentile

85.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message.

Affected configurations

NVD

Node

merakmail_serverMatch7.4.5

VendorProductVersionCPE
merakmail_server7.4.5cpe:/a:merak:mail_server:7.4.5:::

Vendor	Product	Version	CPE
merak	mail_server	7.4.5	cpe:/a:merak:mail_server:7.4.5:::

References

marc.info/?l=bugtraq&m=109279057326044&w=2

packetstormsecurity.nl/0408-exploits/merak527.txt

secunia.com/advisories/12269

securitytracker.com/id?1010969

www.osvdb.org/9037

www.osvdb.org/9038

www.osvdb.org/9039

www.osvdb.org/9040

www.osvdb.org/9041

www.osvdb.org/9042

www.securityfocus.com/bid/10966

exchange.xforce.ibmcloud.com/vulnerabilities/17024

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.012

Percentile

85.0%

JSON

Related for CVE-2004-1719

cvelist1 nvd1 openvas2 nessus1