Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail prior to 2.0c and (2) WebMail allow remote malicious users to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
netwin surgemail 1.9 |
||
netwin surgemail 1.9b2 |
||
netwin surgemail 1.8b3 |
||
netwin surgemail 1.8d |
||
netwin surgemail 1.8f |
||
netwin surgemail 1.8g3 |
||
netwin surgemail 1.8a |
||
netwin webmail 3.1d |
||
netwin surgemail |