Cross-Site Scripting Vulnerabilities in MERAK Mail Server by Icewarp
CVE-2005-0320

Currently unrated

Key Information:

Vendor: Icewarp
Status: Web Mail
Vendor: CVE Published:; 28 January 2005

What is CVE-2005-0320?

Multiple cross-site scripting vulnerabilities exist in MERAK Mail Server version 7.6.0 and Icewarp Web Mail version 5.3.0. These vulnerabilities allow attackers to inject arbitrary web scripts or HTML by manipulating specific fields: the username parameter in login.html, the accountid parameter in accountsettings_add.html, and the note, title, and location fields in calendar.html. This can lead to unauthorized actions performed in the context of the user's session, risking sensitive information and compromising user accounts.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/19147

vdb-entryx_refsource_XF

http://marc.info/?l=bugtraq&m=110693950205007&w=2

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/12396

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Feb 10, 2005
Vulnerability published
Jan 28, 2005

JSON