Lucene search

K
cve[email protected]CVE-2006-3305
HistoryJun 29, 2006 - 1:05 a.m.

CVE-2006-3305

2006-06-2901:05:00
web.nvd.nist.gov
19
cve-2006-3305
cross-site scripting
xss
uebimiau webmail
web security
remote code injection

6 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.3%

Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) f_user parameter in index.php, the (2) pag parameter in messages.php, or the (3) lid, (4) tid, and (5) sid parameters in error.php.

Affected configurations

NVD
Node
uebimiauuebimiauRange2.7.2
OR
uebimiauuebimiauMatch2.7.10

6 Medium

AI Score

Confidence

High

2.6 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.3%

Related for CVE-2006-3305