Lucene search

[email protected]CVE-2005-3692

HistoryNov 19, 2005 - 1:03 a.m.

CVE-2005-3692

2005-11-1901:03:00

[email protected]

web.nvd.nist.gov

amax magic winmail server

xss

vulnerability

web script

html

remote attack

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.8%

JSON

Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) retid parameter in badlogin.php, (2) Content-Type headers in HTML mails, and (3) HTML mail attachments.

Affected configurations

NVD

Node

amax_information_technologiesmagic_winmail_serverMatch4.2

CPENameOperatorVersion
amax_information_technologies:magic_winmail_serveramax information technologies magic winmail servereq4.2

CPE	Name	Operator	Version
amax_information_technologies:magic_winmail_server	amax information technologies magic winmail server	eq	4.2

References

archives.neohapsis.com/archives/fulldisclosure/2005-11/0580.html

secunia.com/advisories/16665

secunia.com/secunia_research/2005-58/advisory/

www.osvdb.org/20926

www.osvdb.org/20927

www.osvdb.org/20928

www.securityfocus.com/bid/15493

www.vupen.com/english/advisories/2005/2485

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.8%

JSON

Related for CVE-2005-3692

packetstorm1 cvelist1 nvd1 kaspersky1 nessus1