PT-2004-3339 · 1St Class · 1St Class Mail Server

Publicado

2004-12-31

Atualizado

2017-07-11

CVE-2004-2447

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: 1st Class Mail Server version 4.01

Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to various scripts and tags, including (1) "viewmail.tagz", (2) the index script under "/user/", (3) "members.tagz", (4) "general.tagz", (5) "advanced.tagz", or (6) "list.tagz".

Recommendations: For 1st Class Mail Server version 4.01, consider restricting access to the Mailbox parameter in the affected scripts and tags until a patch is available. As a temporary workaround, avoid using the Mailbox parameter in the specified API endpoints.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2004-2447

Produtos afetados

1St Class Mail Server

PT-2004-3339 · 1St Class · 1St Class Mail Server

CVE-2004-2447

Identificadores relacionados

Produtos afetados

Referências · 17