Lucene search

[email protected]CVE-2004-2585

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2585

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-2585

xss

vulnerability

smartertools

smartermail

remote attackers

web script

html

javascript

check spelling

compose area

nvd

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.3%

JSON

Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to inject arbitrary web script or HTML via Javascript to the “check spelling” feature in the compose area.

CPENameOperatorVersion
smartertools:smartermailsmartertools smartermaileq1.6.1511
smartertools:smartermailsmartertools smartermaileq1.6.1529

CPE	Name	Operator	Version
smartertools:smartermail	smartertools smartermail	eq	1.6.1511
smartertools:smartermail	smartertools smartermail	eq	1.6.1529

References

members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt

secunia.com/advisories/11042

securitytracker.com/id?1009307

www.osvdb.org/4145

www.securityfocus.com/bid/9805

www.zone-h.org/advisories/read/id=4098

exchange.xforce.ibmcloud.com/vulnerabilities/15393

6.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.3%

JSON

Related for CVE-2004-2585

cvelist1