Vulnerabilities > CVE-2004-1196 - Cross-Site Scripting vulnerability in InShop and InMail

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

insite

nessus

exploit available

NVD

Published: 2005-01-10

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail allows remote attackers to inject arbitrary web script or HTML via the acao parameter.

Vulnerable Configurations

Part	Description	Count
Application	Insite Insite Inmail * Insite Inshop *	2

Exploit-Db

description	InShop and InMail Cross-Site Scripting Vulnerabilities. CVE-2004-1196. Webapps exploit for cgi platform
id	EDB-ID:24779
last seen	2016-02-03
modified	2004-11-25
published	2004-11-25
reporter	Carlos Ulver
source	https://www.exploit-db.com/download/24779/
title	InShop and InMail Cross-Site Scripting Vulnerabilities

Nessus

NASL family	CGI abuses : XSS
NASL id	INMAIL_INSHOP_XSS.NASL
description	The remote host is using InMail/InShop, a web applications written in Perl. An implementation error in the validation of the user input specifically in the script
last seen	2020-06-01
modified	2020-06-02
plugin id	15864
published	2004-11-30
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/15864
title	InMail/InShop inmail.pl / inshop.pl XSS

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References