CVE-2007-5290
Published Oct 9, 2007
Last updated 7 years ago
Overview
- Description
- Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier; and possibly MailBee WebMail Pro ASP before 3.4.64, WebMail Lite ASP before 4.0.11, and WebMail Lite PHP before 4.0.22; allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to login.php and the (2) mode2 parameter to default.asp in an advanced_login mode.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:afterlogic:mailbee_webmail:*:*:lite_asp:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A8427BA-F674-448F-B85A-1274A2A83625"
},
{
"criteria": "cpe:2.3:a:afterlogic:mailbee_webmail:*:*:lite_php:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F293CBDB-9BB5-44B5-AF1E-8B88C93FD4E4"
},
{
"criteria": "cpe:2.3:a:afterlogic:mailbee_webmail:*:*:pro_asp:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4A9D398F-8127-4424-892E-CB3E630D1A2C"
},
{
"criteria": "cpe:2.3:a:afterlogic:mailbee_webmail:3.1:*:pro:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "320A2B3F-65FD-40F4-9974-83E6B0277BF1"
},
{
"criteria": "cpe:2.3:a:afterlogic:mailbee_webmail:3.2:*:pro:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0769007D-0A58-4260-A988-BCD8B672D21C"
},
{
"criteria": "cpe:2.3:a:afterlogic:mailbee_webmail:3.3:*:pro:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E59B1B2D-1FE3-4799-9D49-DDF35CA80616"
},
{
"criteria": "cpe:2.3:a:afterlogic:mailbee_webmail:3.4:*:pro:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4ED969C-C4FE-4960-B811-7BCACA24C181"
}
],
"operator": "OR"
}
]
}
]