Lucene search

[email protected]CVE-2005-0846

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-0846

2005-05-0204:00:00

[email protected]

web.nvd.nist.gov

cve-2005-0846

xss

surgemail

email security

web script injection

html injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

65.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field.

Affected configurations

NVD

Node

netwinsurgemailMatch2.2g3

CPENameOperatorVersion
netwin:surgemailnetwin surgemaileq2.2g3

CPE	Name	Operator	Version
netwin:surgemail	netwin surgemail	eq	2.2g3

References

marc.info/?l=bugtraq&m=111159967417903&w=2

netwinsite.com/cgi/dnewsweb.cgi?cmd=article&group=netwin.surgemail&item=8814&utag=

secunia.com/advisories/14658

www.security.org.sg/vuln/surgemail22g3.html

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

65.0%

JSON

Related for CVE-2005-0846

nvd1 cvelist1 nessus1