Lucene search

MitreCVE-2005-1282

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-1282

2005-05-0204:00:00

mitre

web.nvd.nist.gov

cve

2005

1282

cross-site scripting

xss

argosoft mail server pro

webmail interface

security vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

68.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the src parameter in an IMG tag, (2) User settings, or (3) Address book input boxes in the webmail interface.

Affected configurations

Nvd

Node

argosoftargosoft_mail_serverMatch1.8.7.6pro

VendorProductVersionCPE
argosoftargosoft_mail_server1.8.7.6cpe:2.3:a:argosoft:argosoft_mail_server:1.8.7.6:*:pro:*:*:*:*:*

Vendor	Product	Version	CPE
argosoft	argosoft_mail_server	1.8.7.6	cpe:2.3:a:argosoft:argosoft_mail_server:1.8.7.6::pro:::::

References

marc.info/?l=bugtraq&m=111419001527077&w=2

secunia.com/advisories/15100

www.securityfocus.com/bid/13326

exchange.xforce.ibmcloud.com/vulnerabilities/20225

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.003

Percentile

68.8%

JSON

Related for CVE-2005-1282