Cross-Site Scripting Vulnerabilities in SurgeMail by NetWin
CVE-2005-0846

Currently unrated

Key Information:

Vendor: Netwin
Status: Surgemail
Vendor: CVE Published:; 2 May 2005

What is CVE-2005-0846?

Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message functionality of SurgeMail 2.2g3 allow remote attackers to inject and execute arbitrary web scripts or HTML. This occurs via manipulation of the message subject and message header fields. Successful exploitation can compromise user interactions and exposure to malicious content.

References

http://netwinsite.com/cgi/dnewsweb.cgi?cmd=article&group=...

x_refsource_CONFIRM

http://marc.info/?l=bugtraq&m=111159967417903&w=2

mailing-listx_refsource_BUGTRAQ

http://secunia.com/advisories/14658

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Mar 24, 2005

Netwin

What is CVE-2005-0846?

References

Timeline