CVE-2004-2548

Published Dec 31, 2004

Last updated 7 years ago

CVSS info 4.3

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547).
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netwin:surgemail:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B907DFAA-E772-416A-AC6A-EB92CF871D92",
            "versionEndIncluding": "2.0a2"
          },
          {
            "criteria": "cpe:2.3:a:netwin:surgemail:1.8a:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51F3F0B2-8A75-42A6-9B4C-E1C2AA8EF27C"
          },
          {
            "criteria": "cpe:2.3:a:netwin:surgemail:1.8b3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06B04968-6115-48D0-A315-D0445234DA23"
          },
          {
            "criteria": "cpe:2.3:a:netwin:surgemail:1.8d:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3213555-A5AC-4722-B2A9-26726803F813"
          },
          {
            "criteria": "cpe:2.3:a:netwin:surgemail:1.8f:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "31FAD6F1-2A15-4A28-9E33-33B67D627956"
          },
          {
            "criteria": "cpe:2.3:a:netwin:surgemail:1.8g3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96563C20-642A-47EA-8A4B-1DE9C1DD7377"
          },
          {
            "criteria": "cpe:2.3:a:netwin:surgemail:1.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "439847AC-0ACD-4BDB-A935-3CE645366DAF"
          },
          {
            "criteria": "cpe:2.3:a:netwin:surgemail:1.9b2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFAC85F6-EF7F-4051-AEC9-4FF21D77D1EA"
          },
          {
            "criteria": "cpe:2.3:a:netwin:webmail:3.1d:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "282F56FD-7FAC-4450-B2EF-29DA7F27E83C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References