Lucene search

PRIOn knowledge basePRION:CVE-2013-6229

HistoryFeb 12, 2014 - 3:55 p.m.

Cross site scripting

2014-02-1215:55:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

55.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585.

CPENameOperatorVersion
atmaileq7.0.2

CPE	Name	Operator	Version
	atmail	eq	7.0.2

References

www.isecauditors.com/advisories-2013

www.securityfocus.com/archive/1/530934/100/0/threaded

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

55.0%

JSON

Related for PRION:CVE-2013-6229