Vulnerability Details : CVE-2004-2379
Potential exploit
Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for Windows allow remote attackers to inject arbitrary web script or HTML via (1) the Displayed Name attribute in util.pl and (2) the Folder attribute in showmail.pl.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2004-2379
- cpe:2.3:a:calacode:at_mail_webmail_system:3.64:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-2379
0.67%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 69 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-2379
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
References for CVE-2004-2379
-
http://www.securitytracker.com/alerts/2004/Feb/1009208.html
Exploit
-
http://members.lycos.co.uk/r34ct/main/%40mail_3.64/%40mail_3.64.txt
-
http://www.osvdb.org/4067
www.osvdb.org | 521: Web server is down
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/15324
@Mail util.pl cross-site scripting CVE-2004-2379 Vulnerability Report
-
http://members.lycos.co.uk/r34ct/main/@mail_3.64/@mail_3.64.txt
Exploit;Vendor Advisory
-
http://secunia.com/advisories/10978
About Secunia Research | Flexera
-
http://www.osvdb.org/4066
-
http://www.securityfocus.com/bid/9748
Jump to