First published: Fri Dec 31 2004(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
NetWin SurgeMail | <=2.0a2 | |
NetWin SurgeMail | =1.8f | |
NetWin Webmail | =3.1d | |
NetWin SurgeMail | =1.8d | |
NetWin SurgeMail | =1.8b3 | |
NetWin SurgeMail | =1.8g3 | |
NetWin SurgeMail | =1.8a | |
NetWin SurgeMail | =1.9 | |
NetWin SurgeMail | =1.9b2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.