CVE-2005-0320
published 2005-01-28CVE-2005-0320: Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject arbitrary web script or…
PriorityP418medium5CVSS 2.0
AVNACLAuNCNIPAN
EXPLOIT
EPSS
2.61%
83.5th percentile
Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to login.html, (2) accountid parameter to accountsettings_add.html, or the (3) note, (4) title, and (5) location fields to calendar.html.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| icewarp | web_mail | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
IceWarp Web Mail 5.3 - login.html 'Username' Cross-Site Scripting
exploitdb·2005-01-28
CVE-2005-0320 IceWarp Web Mail 5.3 - login.html 'Username' Cross-Site Scripting
IceWarp Web Mail 5.3 - login.html 'Username' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/12396/info
Multiple remote vulnerabilities reportedly affect IceWarp Web Mail. The underlying issues are due to input and access validation errors.
Multiple cross-site scripting and HTML injection vulnerabilities affect the vulnerable software. The product is also vulnerable to a file creation with arbitrary data vulnerability. Finally it is possible for an authenticated attacker to move and read arbitrary files on an affected computer with the privileges of the affected application.
An attacker may leverage these issues to move arbitrary files with the privileges of the affected server, to carry out cross-site scripting and HTML injection attacks and to create a file with a
Exploit-DB
IceWarp Web Mail 5.3 - 'accountsettings_add.html?accountid' Cross-Site Scripting
exploitdb·2005-01-28
CVE-2005-0320 IceWarp Web Mail 5.3 - 'accountsettings_add.html?accountid' Cross-Site Scripting
IceWarp Web Mail 5.3 - 'accountsettings_add.html?accountid' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/12396/info
Multiple remote vulnerabilities reportedly affect IceWarp Web Mail. The underlying issues are due to input and access validation errors.
Multiple cross-site scripting and HTML injection vulnerabilities affect the vulnerable software. The product is also vulnerable to a file creation with arbitrary data vulnerability. Finally it is possible for an authenticated attacker to move and read arbitrary files on an affected computer with the privileges of the affected application.
An attacker may leverage these issues to move arbitrary files with the privileges of the affected server, to carry out cross-site scripting and HTML injection attacks and to creat
No writeups or analysis indexed.
2005-01-28
Published