CVE-2004-0337

Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script. NOTE: the vendor states that this bug could not be reproduced, so this issue may be REJECTed in the future.

Published: Nov 23, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0337
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
software602 / 602pro_lan_suite	2002	2002.x
software602 / 602pro_lan_suite	2003	2003.x

http://archives.neohapsis.com/archives/bugtraq/2004-03/0096.html
http://marc.info/?l=bugtraq&m=107799540630302&w=2
http://www.securityfocus.com/bid/9777
https://exchange.xforce.ibmcloud.com/vulnerabilities/15351

Vulnerability Database

290,301

CVE-2004-0337