Multiple Cross-Site Scripting Vulnerabilities in NetWin SurgeMail and WebMail
CVE-2004-2548

Currently unrated

Key Information:

Vendor: Netwin
Status: Surgemail; Webmail
Vendor: CVE Published:; 31 December 2004

What is CVE-2004-2548?

The vulnerabilities in NetWin SurgeMail and WebMail permit remote attackers to exploit cross-site scripting (XSS) weaknesses. These vulnerabilities enable attackers to inject arbitrary web scripts or HTML content via specially crafted URIs or through the username field in the login form. This flaw highlights the significance of secure input handling and website sanitization processes to mitigate risks of unauthorized script execution.

References

http://www.securityfocus.com/bid/10483

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/16320

vdb-entryx_refsource_XF

http://www.exploitlabs.com/files/advisories/EXPL-A-2004-0...

x_refsource_MISC

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Nov 21, 2005
Vulnerability published
Dec 31, 2004

Netwin

What is CVE-2004-2548?

References

EPSS Score

Timeline