CVE-2004-1719
published 2004-08-17CVE-2004-1719: Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1)…
PriorityP422medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
5.01%
91.2th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an tag, or (15) the subject of an e-mail message.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| merak | mail_server | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Merak Mail Server 7.4.5 - HTML Message Body Cross-Site Scripting
exploitdb·2004-07-17
CVE-2004-1719 Merak Mail Server 7.4.5 - HTML Message Body Cross-Site Scripting
Merak Mail Server 7.4.5 - HTML Message Body Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/10966/info
The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities.
The vulnerabilities reported are:
- Multiple cross-site scripting vulnerabilities
- An HTML injection vulnerability
- A PHP source code disclosure vulnerability
- An SQL injection vulnerability
These vulnerabilities are reported to exist in versions prior to 7.5.2.
Exploit-DB
Merak Mail Server 7.4.5 - 'address.html' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2004-07-17
CVE-2004-1719 Merak Mail Server 7.4.5 - 'address.html' Multiple Cross-Site Scripting Vulnerabilities
Merak Mail Server 7.4.5 - 'address.html' Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/10966/info
The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities.
The vulnerabilities reported are:
- Multiple cross-site scripting vulnerabilities
- An HTML injection vulnerability
- A PHP source code disclosure vulnerability
- An SQL injection vulnerability
These vulnerabilities are reported to exist in versions prior to 7.5.2.
/address.html?id=[id]&sort=name&selectsort=&global=&showgroups=&showlite=&category=">alert()&cserver=&ext=
/address.html?id=[id]&sort=name&selectsort=&global=&showgroups=&showlite=&category=&cserver=">[XSS]&ext=
/address.html?id=[id]&sort=name&selectsort=&global=&showgroups=&showlite=&c
Exploit-DB
Merak Mail Server 7.4.5 - 'attachment.html?attachmentpage_text_error' Cross-Site Scripting
exploitdb·2004-07-17
CVE-2004-1719 Merak Mail Server 7.4.5 - 'attachment.html?attachmentpage_text_error' Cross-Site Scripting
Merak Mail Server 7.4.5 - 'attachment.html?attachmentpage_text_error' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/10966/info
The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities.
The vulnerabilities reported are:
- Multiple cross-site scripting vulnerabilities
- An HTML injection vulnerability
- A PHP source code disclosure vulnerability
- An SQL injection vulnerability
These vulnerabilities are reported to exist in versions prior to 7.5.2.
/attachment.html?attachmentpage_text_error=">[XSS]
Exploit-DB
Merak Mail Server 7.4.5 - 'settings.html' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2004-07-17
CVE-2004-1719 Merak Mail Server 7.4.5 - 'settings.html' Multiple Cross-Site Scripting Vulnerabilities
Merak Mail Server 7.4.5 - 'settings.html' Multiple Cross-Site Scripting Vulnerabilities
---
source: https://www.securityfocus.com/bid/10966/info
The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities.
The vulnerabilities reported are:
- Multiple cross-site scripting vulnerabilities
- An HTML injection vulnerability
- A PHP source code disclosure vulnerability
- An SQL injection vulnerability
These vulnerabilities are reported to exist in versions prior to 7.5.2.
/settings.html?autoresponder=1&id=[id]&spage=">[XSS]
/settings.html?autoresponder=">[XSS]&id=[id]&spage=0
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=109279057326044&w=2http://packetstormsecurity.nl/0408-exploits/merak527.txthttp://secunia.com/advisories/12269http://securitytracker.com/id?1010969http://www.osvdb.org/9037http://www.osvdb.org/9038http://www.osvdb.org/9039http://www.osvdb.org/9040http://www.osvdb.org/9041http://www.osvdb.org/9042http://www.securityfocus.com/bid/10966https://exchange.xforce.ibmcloud.com/vulnerabilities/17024http://marc.info/?l=bugtraq&m=109279057326044&w=2http://packetstormsecurity.nl/0408-exploits/merak527.txthttp://secunia.com/advisories/12269http://securitytracker.com/id?1010969http://www.osvdb.org/9037http://www.osvdb.org/9038http://www.osvdb.org/9039http://www.osvdb.org/9040http://www.osvdb.org/9041http://www.osvdb.org/9042http://www.securityfocus.com/bid/10966https://exchange.xforce.ibmcloud.com/vulnerabilities/17024
2004-08-17
Published