CVE-2004-1719 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category (2) cserver (3) ext (4) global (5) showgroups (6) or showlite parameters to address.html or the (7) spage or (8) autoresponder parameters to settings.html the (9) folder parameter to readmail.html or the (10) attachmentpage_text_error parameter to attachment.html (11) folder (12) ct or (13) cv parameters to calendar.html (14) an img tag or (15) the subject of an e-mail message.

Reference

http://marc.info/?l=bugtraq&m=109279057326044&w=2 http://packetstormsecurity.nl/0408-exploits/merak527.txt http://secunia.com/advisories/12269 http://securitytracker.com/id?1010969 http://www.osvdb.org/9037 http://www.osvdb.org/9038 http://www.osvdb.org/9039 http://www.osvdb.org/9040 http://www.osvdb.org/9041 http://www.osvdb.org/9042 http://www.securityfocus.com/bid/10966 https://exchange.xforce.ibmcloud.com/vulnerabilities/17024