PT-2005-1874 · Netwin · Surgemail

Tan Chew Keong

Published

2005-03-24

Updated

2016-10-18

CVE-2005-0846

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions SurgeMail version 2.2g3

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the message subject or message header field.

Recommendations For SurgeMail version 2.2g3, update to a version that fixes the XSS vulnerabilities in the email auto-reply message to prevent remote attackers from injecting arbitrary web script or HTML.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-0846

Affected Products

Surgemail

PT-2005-1874 · Netwin · Surgemail

CVE-2005-0846

Related Identifiers

Affected Products

References · 6