Vulnerabilities > CVE-2004-1101 - Cross-Site Scripting vulnerability in Tips Mailpost 5.1.1Sv
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
PARTIAL Summary
mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash), leak sensitive pathname information in the resulting error message, and execute a cross-site scripting (XSS) attack via an HTTP request that contains a / (backslash) and arbitrary webscript before the requested file, which leaks the pathname and does not quote the script in the resulting Visual Basic error message.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | TIPS MailPost 5.1.1 Error Message Cross-Site Scripting Vulnerability. CVE-2004-1101. Webapps exploit for cgi platform |
| id | EDB-ID:24722 |
| last seen | 2016-02-02 |
| modified | 2004-11-03 |
| published | 2004-11-03 |
| reporter | Procheckup |
| source | https://www.exploit-db.com/download/24722/ |
| title | TIPS MailPost 5.1.1 Error Message Cross-Site Scripting Vulnerability |
Nessus
| NASL family | CGI abuses : XSS |
| NASL id | MAILPOST_MULTIPLE_FLAWS.NASL |
| description | TIPS MailPost, a web application used for emailing HTML form data to a third party, is installed on the remote host. The version of MailPost hosted on the remote web server has a cross-site scripting vulnerability in the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 15626 |
| published | 2004-11-04 |
| reporter | This script is Copyright (C) 2004-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/15626 |
| title | TIPS MailPost append Parameter XSS |