{"osvdb": [{"lastseen": "2017-04-28T13:20:12", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.netwinsite.com/surgemail/\nVendor Specific News/Changelog Entry: http://www.netwinsite.com/surgemail/help/updates.htm\n[Secunia Advisory ID:15425](https://secuniaresearch.flexerasoftware.com/advisories/15425/)\n[CVE-2005-1714](https://vulners.com/cve/CVE-2005-1714)\n", "reporter": "OSVDB", "published": "2005-05-19T10:31:41", "type": "osvdb", "title": "SurgeMail Multiple Unspecified XSS", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-1714"], "modified": "2005-05-19T10:31:41", "href": "https://vulners.com/osvdb/OSVDB:16690", "id": "OSVDB:16690", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2018-09-01T23:59:12", "references": ["http://www.netwinsite.com/surgemail/help/updates.htm"], "pluginID": "18354", "description": "According to its banner, the remote host is running SurgeMail version 3.0c2 or earlier. These versions reportedly are prone to multiple cross-site scripting issues, which an attacker could exploit to inject arbitrary HTML and script code into a user's browser to be processed within the context of the affected website.", "edition": 4, "reporter": "Tenable", "published": "2005-05-20T00:00:00", "title": "SurgeMail <= 3.0c2 Multiple XSS", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "CGI abuses : XSS", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1714"], "modified": "2018-07-31T00:00:00", "cpe": [], "id": "SURGEMAIL_30C2.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=18354", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(18354);\n script_version(\"1.16\");\n\n script_cve_id(\"CVE-2005-1714\");\n script_bugtraq_id(13689);\n\n script_name(english:\"SurgeMail <= 3.0c2 Multiple XSS\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote mail server is vulnerable to multiple cross-site scripting\nattacks.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote host is running SurgeMail version\n3.0c2 or earlier. These versions reportedly are prone to multiple\ncross-site scripting issues, which an attacker could exploit to inject\narbitrary HTML and script code into a user's browser to be processed\nwithin the context of the affected website.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.netwinsite.com/surgemail/help/updates.htm\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to SurgeMail 3.2e1 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/05/20\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/05/19\");\n script_cvs_date(\"Date: 2018/07/31 17:27:53\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n \n summary[\"english\"] = \"Checks for multiple vulnerabilities in SurgeMail <= 3.0c2\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\", \"smtpserver_detect.nasl\");\n script_require_ports(\"Services/smtp\", 25, \"Services/www\", 7080);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"smtp_func.inc\");\n\n\n# Make sure the banner indicates it's from SurgeMail.\nport = get_http_port(default:7080, embedded: 1);\nbanner = get_http_banner(port:port);\nif (!banner) exit(1, \"No web banner on port \"+port);\nif (\"DManager\" >!< banner) exit(0, \"The web server on port \"+port+\" is not DManager\");\n\n\n# Unfortunately, the web server doesn't include its version in the \n# Server response header so let's pull it from the SMTP server.\nsmtpport = get_kb_item(\"Services/smtp\");\nif (!smtpport) smtpport = 25;\nif (! get_port_state(smtpport)) exit(0, \"Port \"+smtpport+\" is closed\");\nbanner = get_smtp_banner(port:smtpport);\nif (banner) {\n ver = ereg_replace(\n string:banner, \n pattern:\"^[0-9][0-9][0-9] .* SurgeSMTP \\(Version ([^)]+).+\",\n replace:\"\\1\"\n );\n\n # There's a problem if it's 3.0c2 or earlier.\n if (ver && ver =~ \"^([0-2]\\.|3\\.0([ab]|c([0-2]|$)))\") \n {\n security_warning(port);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}
