Published: 31/12/2004 Updated: 11/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail prior to 2.0c and (2) WebMail allow remote malicious users to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547).

Vulnerable Product	Search on Vulmon	Subscribe to Product
netwin surgemail 1.9
netwin surgemail 1.9b2
netwin surgemail 1.8b3
netwin surgemail 1.8d
netwin surgemail 1.8f
netwin surgemail 1.8g3
netwin surgemail 1.8a
netwin webmail 3.1d
netwin surgemail

source: wwwsecurityfocuscom/bid/10483/info SurgeMail/WebMail is prone to multiple vulnerabilities These issue result from insufficient sanitization of user-supplied data The issues can allow an attacker to carry out path disclosure and cross-site scripting attacks SurgeMail versions 19 and prior and WebMail 31d are affected by the ...

NVD-CWE-Other http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt http://www.netwinsite.com/surgemail/help/updates.htm http://www.securityfocus.com/bid/10483 http://www.osvdb.org/6746 http://secunia.com/advisories/11772 https://exchange.xforce.ibmcloud.com/vulnerabilities/16320 https://nvd.nist.gov https://www.exploit-db.com/exploits/24177/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2004-2548

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect