Vulnerabilities > CVE-2004-2447 - Input Validation vulnerability in 1ST Class Internet Solutions 1ST Class Mail Server 4.01

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
1st-class-internet-solutions
exploit available

Summary

Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.

Vulnerable Configurations

Part Description Count
Application
1St_Class_Internet_Solutions
1

Exploit-Db

  • description1st Class Mail Server 4.0 1 general.tagz XSS. CVE-2004-2447 . Webapps exploit for cgi platform
    idEDB-ID:23940
    last seen2016-02-02
    modified2004-04-08
    published2004-04-08
    reporterdr_insane
    sourcehttps://www.exploit-db.com/download/23940/
    title1st Class Mail Server 4.0 1 general.tagz XSS
  • description1st Class Mail Server 4.0 1 Index XSS. CVE-2004-2447. Webapps exploit for cgi platform
    idEDB-ID:23938
    last seen2016-02-02
    modified2004-04-08
    published2004-04-08
    reporterdr_insane
    sourcehttps://www.exploit-db.com/download/23938/
    title1st Class Mail Server 4.0 1 Index XSS
  • description1st Class Mail Server 4.0 1 advanced.tagz XSS. CVE-2004-2447 . Webapps exploit for cgi platform
    idEDB-ID:23941
    last seen2016-02-02
    modified2004-04-08
    published2004-04-08
    reporterdr_insane
    sourcehttps://www.exploit-db.com/download/23941/
    title1st Class Mail Server 4.0 1 advanced.tagz XSS
  • description1st Class Mail Server 4.0 1 viewmail.tagz XSS. CVE-2004-2447. Webapps exploit for cgi platform
    idEDB-ID:23937
    last seen2016-02-02
    modified2004-04-08
    published2004-04-08
    reporterdr_insane
    sourcehttps://www.exploit-db.com/download/23937/
    title1st Class Mail Server 4.0 1 viewmail.tagz XSS
  • description1st Class Mail Server 4.0 1 list.tagz XSS. CVE-2004-2447 . Webapps exploit for cgi platform
    idEDB-ID:23942
    last seen2016-02-02
    modified2004-04-08
    published2004-04-08
    reporterdr_insane
    sourcehttps://www.exploit-db.com/download/23942/
    title1st Class Mail Server 4.0 1 list.tagz XSS
  • description1st Class Mail Server 4.0 1 members.tagz XSS. CVE-2004-2447. Webapps exploit for cgi platform
    idEDB-ID:23939
    last seen2016-02-02
    modified2004-04-08
    published2004-04-08
    reporterdr_insane
    sourcehttps://www.exploit-db.com/download/23939/
    title1st Class Mail Server 4.0 1 members.tagz XSS