Published: 18/02/2006 Updated: 20/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and previous versions allow remote malicious users to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the $_SERVER['PHP_SELF'] variable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hivemail hivemail 1.2 sp1
hivemail hivemail 1.2
hivemail hivemail 1.2.2
hivemail hivemail 1.3 beta1
hivemail hivemail 1.1.1
hivemail hivemail 1.3 rc1
hivemail hivemail 1.3
hivemail hivemail 1.2.1 rc
hivemail hivemail 1.2.1 beta1
hivemail hivemail 1.1

source: wwwsecurityfocuscom/bid/16591/info HiveMail is prone to multiple vulnerabilities These vulnerabilities may allow the execution of arbitrary PHP code, cross-site scripting attacks, and SQL injection The PHP code-execution issues are the result of an input-validation error that may allow user-supplied PHP code to be evaluated ...

NVD-CWE-Other http://archives.neohapsis.com/archives/bugtraq/2006-02/0162.html http://forum.hivemail.com/showthread.php?p=26745 http://www.gulftech.org/?node=research&article_id=00098-02102006 http://www.securityfocus.com/bid/16591 http://secunia.com/advisories/18807 http://www.vupen.com/english/advisories/2006/0527 https://exchange.xforce.ibmcloud.com/vulnerabilities/24622 https://nvd.nist.gov https://www.exploit-db.com/exploits/27186/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-0758

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect