CVE-2007-5290

Published Oct 9, 2007

Last updated 8 years ago

CVSS info 4.3

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier; and possibly MailBee WebMail Pro ASP before 3.4.64, WebMail Lite ASP before 4.0.11, and WebMail Lite PHP before 4.0.22; allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to login.php and the (2) mode2 parameter to default.asp in an advanced_login mode.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:afterlogic:mailbee_webmail:*:*:lite_asp:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A8427BA-F674-448F-B85A-1274A2A83625"
          },
          {
            "criteria": "cpe:2.3:a:afterlogic:mailbee_webmail:*:*:lite_php:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F293CBDB-9BB5-44B5-AF1E-8B88C93FD4E4"
          },
          {
            "criteria": "cpe:2.3:a:afterlogic:mailbee_webmail:*:*:pro_asp:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A9D398F-8127-4424-892E-CB3E630D1A2C"
          },
          {
            "criteria": "cpe:2.3:a:afterlogic:mailbee_webmail:3.1:*:pro:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "320A2B3F-65FD-40F4-9974-83E6B0277BF1"
          },
          {
            "criteria": "cpe:2.3:a:afterlogic:mailbee_webmail:3.2:*:pro:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0769007D-0A58-4260-A988-BCD8B672D21C"
          },
          {
            "criteria": "cpe:2.3:a:afterlogic:mailbee_webmail:3.3:*:pro:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E59B1B2D-1FE3-4799-9D49-DDF35CA80616"
          },
          {
            "criteria": "cpe:2.3:a:afterlogic:mailbee_webmail:3.4:*:pro:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4ED969C-C4FE-4960-B811-7BCACA24C181"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References