Lucene search
MitreCVE-2006-4956HistorySep 23, 2006 - 10:07 a.m.
CVE-2006-4956
2006-09-2310:07:00
mitre
web.nvd.nist.gov
25
cve
2006
4956
cross-site scripting
xss
vulnerability
neon webmail
java
updateuser servlet
web script
html
remote attackers
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6
Confidence
High
EPSS
0.007
Percentile
79.6%
Cross-site scripting (XSS) vulnerability in the updateuser servlet in Neon WebMail for Java before 5.08 allows remote attackers to inject arbitrary web script or HTML via the in_name parameter, as used by the Name field.
Affected configurations
Node
neosysneon_webmailMatch5.06java
ORneosysneon_webmailMatch5.07java
| Vendor | Product | Version | CPE |
|---|---|---|---|
| neosys | neon_webmail | 5.06 | cpe:2.3:a:neosys:neon_webmail:5.06:*:java:*:*:*:*:* |
| neosys | neon_webmail | 5.07 | cpe:2.3:a:neosys:neon_webmail:5.07:*:java:*:*:*:*:* |
Related
exploitdb
exploitdb
nvd
nvd
CVE-2006-4956
2006-09-23 10:07:00
cvelist
cvelist
CVE-2006-4956
2006-09-23 10:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6
Confidence
High
EPSS
0.007
Percentile
79.6%
Related for CVE-2006-4956