Vulnerabilities > CVE-2004-2447 - Input Validation vulnerability in 1ST Class Internet Solutions 1ST Class Mail Server 4.01
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description 1st Class Mail Server 4.0 1 general.tagz XSS. CVE-2004-2447 . Webapps exploit for cgi platform id EDB-ID:23940 last seen 2016-02-02 modified 2004-04-08 published 2004-04-08 reporter dr_insane source https://www.exploit-db.com/download/23940/ title 1st Class Mail Server 4.0 1 general.tagz XSS description 1st Class Mail Server 4.0 1 Index XSS. CVE-2004-2447. Webapps exploit for cgi platform id EDB-ID:23938 last seen 2016-02-02 modified 2004-04-08 published 2004-04-08 reporter dr_insane source https://www.exploit-db.com/download/23938/ title 1st Class Mail Server 4.0 1 Index XSS description 1st Class Mail Server 4.0 1 advanced.tagz XSS. CVE-2004-2447 . Webapps exploit for cgi platform id EDB-ID:23941 last seen 2016-02-02 modified 2004-04-08 published 2004-04-08 reporter dr_insane source https://www.exploit-db.com/download/23941/ title 1st Class Mail Server 4.0 1 advanced.tagz XSS description 1st Class Mail Server 4.0 1 viewmail.tagz XSS. CVE-2004-2447. Webapps exploit for cgi platform id EDB-ID:23937 last seen 2016-02-02 modified 2004-04-08 published 2004-04-08 reporter dr_insane source https://www.exploit-db.com/download/23937/ title 1st Class Mail Server 4.0 1 viewmail.tagz XSS description 1st Class Mail Server 4.0 1 list.tagz XSS. CVE-2004-2447 . Webapps exploit for cgi platform id EDB-ID:23942 last seen 2016-02-02 modified 2004-04-08 published 2004-04-08 reporter dr_insane source https://www.exploit-db.com/download/23942/ title 1st Class Mail Server 4.0 1 list.tagz XSS description 1st Class Mail Server 4.0 1 members.tagz XSS. CVE-2004-2447. Webapps exploit for cgi platform id EDB-ID:23939 last seen 2016-02-02 modified 2004-04-08 published 2004-04-08 reporter dr_insane source https://www.exploit-db.com/download/23939/ title 1st Class Mail Server 4.0 1 members.tagz XSS
References
- http://secunia.com/advisories/11330
- http://securitytracker.com/alerts/2004/Apr/1009705.html
- http://www.osvdb.org/5012
- http://www.osvdb.org/5013
- http://www.osvdb.org/5014
- http://www.osvdb.org/5015
- http://www.osvdb.org/5016
- http://www.osvdb.org/5017
- http://www.securityfocus.com/bid/10089
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15815