{"id": "CVE-2005-1714", "bulletinFamily": "NVD", "title": "CVE-2005-1714", "description": "Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.", "published": "2005-05-24T04:00:00", "modified": "2011-03-08T02:22:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1714", "reporter": "cve@mitre.org", "references": ["http://secunia.com/advisories/15425", "http://www.vupen.com/english/advisories/2005/0576"], "cvelist": ["CVE-2005-1714"], "type": "cve", "lastseen": "2019-05-29T18:08:14", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "e1c90fda435f27a64138baba85c3f1d8"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "8b555244c4ade4f556584645595c73c9"}, {"key": "cpe23", "hash": "45c7de460fbd477ca1d79a19a9def80c"}, {"key": "cvelist", "hash": "b38edf1f30f8c21eb88109b3d9644733"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "1376299678e4b22a45cbb6e661929c18"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "96e4a1e35546f47fe5737a3c42085bb4"}, {"key": "href", "hash": "b1c26c2454b862bb05d56a9127577011"}, {"key": "modified", "hash": "1da4c81d9a48317739a391a48e8cd93a"}, {"key": "published", "hash": "760119653733a7b4673816655b0dee45"}, {"key": "references", "hash": "322b2625fedf251c2f7b1af3f5e226f7"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "19a51d77eba2f03522aeac1db376213d"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "3e58cf939c9d81b2129476321d8d812188f3d7a18f4a0e76b0d90aacc0c51832", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:16690"]}, {"type": "nessus", "idList": ["SURGEMAIL_30C2.NASL"]}], "modified": "2019-05-29T18:08:14"}, "score": {"value": 4.6, "vector": "NONE", "modified": "2019-05-29T18:08:14"}, "vulnersScore": 4.6}, "objectVersion": "1.3", "cpe": ["cpe:/a:netwin:surgemail:3.0c2"], "affectedSoftware": [{"name": "netwin surgemail", "operator": "eq", "version": "3.0c2"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:netwin:surgemail:3.0c2:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"nessus": [{"lastseen": "2020-03-18T02:53:01", "bulletinFamily": "scanner", "description": "According to its banner, the remote host is running SurgeMail version\n3.0c2 or earlier. These versions reportedly are prone to multiple\ncross-site scripting issues, which an attacker could exploit to inject\narbitrary HTML and script code into a user", "modified": "2020-03-02T00:00:00", "id": "SURGEMAIL_30C2.NASL", "href": "https://www.tenable.com/plugins/nessus/18354", "published": "2005-05-20T00:00:00", "title": "SurgeMail <= 3.0c2 Multiple XSS", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(18354);\n script_version(\"1.16\");\n\n script_cve_id(\"CVE-2005-1714\");\n script_bugtraq_id(13689);\n\n script_name(english:\"SurgeMail <= 3.0c2 Multiple XSS\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote mail server is vulnerable to multiple cross-site scripting\nattacks.\" );\n script_set_attribute(attribute:\"description\", value:\n\"According to its banner, the remote host is running SurgeMail version\n3.0c2 or earlier. These versions reportedly are prone to multiple\ncross-site scripting issues, which an attacker could exploit to inject\narbitrary HTML and script code into a user's browser to be processed\nwithin the context of the affected website.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.netwinsite.com/surgemail/help/updates.htm\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to SurgeMail 3.2e1 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/05/20\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2005/05/19\");\n script_cvs_date(\"Date: 2018/07/31 17:27:53\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n \n summary[\"english\"] = \"Checks for multiple vulnerabilities in SurgeMail <= 3.0c2\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses : XSS\");\n\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\", \"smtpserver_detect.nasl\");\n script_require_ports(\"Services/smtp\", 25, \"Services/www\", 7080);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"smtp_func.inc\");\n\n\n# Make sure the banner indicates it's from SurgeMail.\nport = get_http_port(default:7080, embedded: 1);\nbanner = get_http_banner(port:port);\nif (!banner) exit(1, \"No web banner on port \"+port);\nif (\"DManager\" >!< banner) exit(0, \"The web server on port \"+port+\" is not DManager\");\n\n\n# Unfortunately, the web server doesn't include its version in the \n# Server response header so let's pull it from the SMTP server.\nsmtpport = get_kb_item(\"Services/smtp\");\nif (!smtpport) smtpport = 25;\nif (! get_port_state(smtpport)) exit(0, \"Port \"+smtpport+\" is closed\");\nbanner = get_smtp_banner(port:smtpport);\nif (banner) {\n ver = ereg_replace(\n string:banner, \n pattern:\"^[0-9][0-9][0-9] .* SurgeSMTP \\(Version ([^)]+).+\",\n replace:\"\\1\"\n );\n\n # There's a problem if it's 3.0c2 or earlier.\n if (ver && ver =~ \"^([0-2]\\.|3\\.0([ab]|c([0-2]|$)))\") \n {\n security_warning(port);\n set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:12", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.netwinsite.com/surgemail/\nVendor Specific News/Changelog Entry: http://www.netwinsite.com/surgemail/help/updates.htm\n[Secunia Advisory ID:15425](https://secuniaresearch.flexerasoftware.com/advisories/15425/)\n[CVE-2005-1714](https://vulners.com/cve/CVE-2005-1714)\n", "modified": "2005-05-19T10:31:41", "published": "2005-05-19T10:31:41", "href": "https://vulners.com/osvdb/OSVDB:16690", "id": "OSVDB:16690", "type": "osvdb", "title": "SurgeMail Multiple Unspecified XSS", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}