CVE-2004-2447
Published 2004-12-31
CVE-2004-2447: Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter…
Priority: P4 18 | medium | 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 2.67% (83.9th percentile)
Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 1st_class_internet_solutions | 1st_class_mail_server | — | — |
No detection rules found.
Exploit-DB
1st Class Mail Server 4.0 1 - Index Cross-Site Scripting
exploitdb·2004-04-08
---
source: https://www.securityfocus.com/bid/10089/info
Multiple vulnerabilities have been identified in the application that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks.
1st Class Mail Server version 4.01 is reported to be prone to these issues; however, it is possible that other versions are affected as well.
http://www.example.com/AUTH=[some_value]/user/?Site=www.example.com&Mailbox=[html_code]
Exploit-DB
1st Class Mail Server 4.0 1 - members.tagz Cross-Site Scripting
exploitdb·2004-04-08
---
source: https://www.securityfocus.com/bid/10089/info
Multiple vulnerabilities have been identified in the application that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks.
1st Class Mail Server version 4.01 is reported to be prone to these issues; however, it is possible that other versions are affected as well.
http://www.example.com/AUTH=[some_value]/user/members.tagz?Site=www.example.com&Mailbox=[html_code]
Exploit-DB
1st Class Mail Server 4.0 1 - viewmail.tagz Cross-Site Scripting
exploitdb·2004-04-08
---
source: https://www.securityfocus.com/bid/10089/info
Multiple vulnerabilities have been identified in the application that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks.
1st Class Mail Server version 4.01 is reported to be prone to these issues; however, it is possible that other versions are affected as well.
http://www.example.com/AUTH=[some_value]/user/viewmail.tagz?Site=www.example.com&Mailbox=3&MessageIndex=[html_code]>
Exploit-DB
1st Class Mail Server 4.0 1 - advanced.tagz Cross-Site Scripting
exploitdb·2004-04-08
---
source: https://www.securityfocus.com/bid/10089/info
Multiple vulnerabilities have been identified in the application that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks.
1st Class Mail Server version 4.01 is reported to be prone to these issues; however, it is possible that other versions are affected as well.
http://www.example.com/AUTH=[some_value]/user/advanced.tagz?Site=www.example.com&Mailbox=
Exploit-DB
1st Class Mail Server 4.0 1 - general.tagz Cross-Site Scripting
exploitdb·2004-04-08
---
source: https://www.securityfocus.com/bid/10089/info
Multiple vulnerabilities have been identified in the application that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks.
1st Class Mail Server version 4.01 is reported to be prone to these issues; however, it is possible that other versions are affected as well.
http://www.example.com/AUTH=[some_value]/user/general.tagz?Site=www.example.com&Mailbox=[html_code]
Exploit-DB
1st Class Mail Server 4.0 1 - list.tagz Cross-Site Scripting
exploitdb·2004-04-08
---
source: https://www.securityfocus.com/bid/10089/info
Multiple vulnerabilities have been identified in the application that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks.
1st Class Mail Server version 4.01 is reported to be prone to these issues; however, it is possible that other versions are affected as well.
http://www.example.com/AUTH=[some_value]/user/list.tagz?Site=www.example.com&Mailbox=[html_code]
No writeups or analysis indexed.
http://secunia.com/advisories/11330
http://securitytracker.com/alerts/2004/Apr/1009705.html
http://www.osvdb.org/5012
http://www.osvdb.org/5013
http://www.osvdb.org/5014
http://www.osvdb.org/5015
http://www.osvdb.org/5016
http://www.osvdb.org/5017
http://www.securityfocus.com/bid/10089
https://exchange.xforce.ibmcloud.com/vulnerabilities/15815
Published: 2004-12-31