CVE-2004-1719

Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message.

Published: Aug 17, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-1719
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
merak / mail_server	7.4.5	7.4.5.x

http://marc.info/?l=bugtraq&m=109279057326044&w=2
http://packetstormsecurity.nl/0408-exploits/merak527.txt
http://secunia.com/advisories/12269
http://securitytracker.com/id?1010969
http://www.osvdb.org/9037
http://www.osvdb.org/9038
http://www.osvdb.org/9039
http://www.osvdb.org/9040
http://www.osvdb.org/9041
http://www.osvdb.org/9042
http://www.securityfocus.com/bid/10966
https://exchange.xforce.ibmcloud.com/vulnerabilities/17024

Vulnerability Database

289,782

CVE-2004-1719