CVE-2006-3564 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the email (2) cond or (3) name parameters to (a) addressbook.view.php (4) the daysprune parameter to (b) index.php (5) the data[to] parameter to (c) compose.email.php and (6) the markas parameter to (d) read.markas.php.
Reference
http://pridels0.blogspot.com/2006/07/hivemail-vuln.html http://secunia.com/advisories/20993 http://securitytracker.com/id?1016531 http://www.osvdb.org/27100 http://www.osvdb.org/27101 http://www.osvdb.org/27102 http://www.osvdb.org/27103 http://www.securityfocus.com/bid/18949 http://www.vupen.com/english/advisories/2006/2763 https://exchange.xforce.ibmcloud.com/vulnerabilities/27695
Share on: