Lucene search

[email protected]CVE-2006-3564

HistoryJul 13, 2006 - 1:05 a.m.

CVE-2006-3564

2006-07-1301:05:00

[email protected]

web.nvd.nist.gov

cve-2006-3564

cross-site scripting

xss

hivemail 1.3

security vulnerabilities

remote code injection

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the email, (2) cond, or (3) name parameters to (a) addressbook.view.php, (4) the daysprune parameter to (b) index.php, (5) the data[to] parameter to © compose.email.php, and (6) the markas parameter to (d) read.markas.php.

Affected configurations

NVD

Node

hivemailhivemailMatch1.2

hivemailhivemailMatch1.3

CPENameOperatorVersion
hivemail:hivemailhivemaileq1.2
hivemail:hivemailhivemaileq1.3

CPE	Name	Operator	Version
hivemail:hivemail	hivemail	eq	1.2
hivemail:hivemail	hivemail	eq	1.3

References

pridels0.blogspot.com/2006/07/hivemail-vuln.html

secunia.com/advisories/20993

securitytracker.com/id?1016531

www.osvdb.org/27100

www.osvdb.org/27101

www.osvdb.org/27102

www.osvdb.org/27103

www.securityfocus.com/bid/18949

www.vupen.com/english/advisories/2006/2763

exchange.xforce.ibmcloud.com/vulnerabilities/27695

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.5%

JSON

Related for CVE-2006-3564

nvd1 cvelist1