PT-2006-1600 · Neomail · Neomail

Published

2006-02-04

Updated

2018-10-19

CVE-2006-0536

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions NeoMail version 1.27

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. The sort parameter is vulnerable to this issue, although some sources suggest the date parameter might also be affected.

Recommendations For NeoMail version 1.27, avoid using the sort parameter in the affected API endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the sort parameter to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0536

Affected Products

Neomail

PT-2006-1600 · Neomail · Neomail

CVE-2006-0536

Related Identifiers

Affected Products

References · 6