Lucene search

[email protected]CVE-2007-2825

HistoryMay 22, 2007 - 9:30 p.m.

CVE-2007-2825

2007-05-2221:30:00

[email protected]

web.nvd.nist.gov

cve-2007-2825

cross-site scripting

xss

readmsg.php

@mail 5.02

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.8 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in @Mail 5.02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) links and (2) images.

Affected configurations

NVD

Node

atmailatmail_webmailRange≤5.02

CPENameOperatorVersion
atmail:atmail_webmailatmail atmail webmaille5.02

CPE	Name	Operator	Version
atmail:atmail_webmail	atmail atmail webmail	le	5.02

References

osvdb.org/36826

secunia.com/advisories/25506

terra.calacode.com/mail/docs/changelog.html

www.securityfocus.com/bid/24260

exchange.xforce.ibmcloud.com/vulnerabilities/34376

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

5.8 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.5%

JSON

Related for CVE-2007-2825

nvd1 cvelist1 prion1