Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2006-0894

Published: 25/02/2006 Updated: 05/09/2008
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 450
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Nocc

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail 1.0 allow remote malicious users to inject arbitrary web script or HTML via (1) the html_error_occurred parameter in error.php, (2) html_filter_select parameter in filter_prefs.php, (3) html_no_mail parameter in no_mail.php, the (4) page_line, (5) prev, and (6) next parameters in html_bottom_table.php, and the (7) _SESSION['nocc_theme'] parameter in footer.php.

Vulnerable Product Search on Vulmon Subscribe to Product

nocc nocc 1.0

Exploits

Exploit DB: NOCC 1.0 - 'filter_prefs.php?html_filter_select' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker can exploit these issues to inject arbitrary PHP code and execute it in the context of the vulnerable webserver An att ...
Exploit DB: NOCC 1.0 - 'no_mail.php?html_no_mail' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker can exploit these issues to inject arbitrary PHP code and execute it in the context of the vulnerable webserver An a ...
Exploit DB: NOCC 1.0 - 'error.php?html_error_occurred' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker can exploit these issues to inject arbitrary PHP code and execute it in the context of the vulnerable webserver An attac ...
Exploit DB: NOCC 1.0 - 'html_bottom_table.php' Multiple Cross-Site Scripting Vulnerabilities
source: wwwsecurityfocuscom/bid/16793/info NOCC Webmail is prone to multiple input-validation vulnerabilities These issues are due to a failure in the application to properly sanitize user-supplied input An attacker can exploit these issues to inject arbitrary PHP code and execute it in the context of the vulnerable webserver An ...

References

NVD-CWE-Otherhttp://archives.neohapsis.com/archives/bugtraq/2006-02/0418.htmlhttp://secunia.com/advisories/16921http://retrogod.altervista.org/noccw_10_incl_xpl.htmlhttp://www.securityfocus.com/bid/16793http://www.osvdb.org/23423http://www.osvdb.org/23424http://www.osvdb.org/23425http://www.osvdb.org/23426http://www.osvdb.org/23427http://securitytracker.com/id?1015671https://nvd.nist.govhttps://www.exploit-db.com/exploits/27300/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-21111CVE-2024-32884IDORCVE-2023-1000CVE-2024-33260CVE-2024-3682reflected XSSrace conditionCVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook