4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6 Medium
AI Score
Confidence
High
0.019 Low
EPSS
Percentile
88.5%
Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the email, (2) cond, or (3) name parameters to (a) addressbook.view.php, (4) the daysprune parameter to (b) index.php, (5) the data[to] parameter to © compose.email.php, and (6) the markas parameter to (d) read.markas.php.
CPE | Name | Operator | Version |
---|---|---|---|
hivemail:hivemail | hivemail | eq | 1.2 |
hivemail:hivemail | hivemail | eq | 1.3 |
pridels0.blogspot.com/2006/07/hivemail-vuln.html
secunia.com/advisories/20993
securitytracker.com/id?1016531
www.osvdb.org/27100
www.osvdb.org/27101
www.osvdb.org/27102
www.osvdb.org/27103
www.securityfocus.com/bid/18949
www.vupen.com/english/advisories/2006/2763
exchange.xforce.ibmcloud.com/vulnerabilities/27695