4.3
CVSSv2

CVE-2006-0758

Published: 18/02/2006 Updated: 20/07/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the $_SERVER['PHP_SELF'] variable.

Vulnerable Product Search on Vulmon Subscribe to Product

hivemail hivemail 1.2 sp1

hivemail hivemail 1.2

hivemail hivemail 1.2.2

hivemail hivemail 1.3 beta1

hivemail hivemail 1.1.1

hivemail hivemail 1.3 rc1

hivemail hivemail 1.3

hivemail hivemail 1.2.1 rc

hivemail hivemail 1.2.1 beta1

hivemail hivemail 1.1

Exploits

source: wwwsecurityfocuscom/bid/16591/info HiveMail is prone to multiple vulnerabilities These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection The PHP code-execution issues are the result of an input-validation error that may allow user-supplied PHP code to be evaluated ...