Vulnerabilities > CVE-2004-2494 - Multiple vulnerability in Code-Crafters Ability Mail Server

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

code-crafters

exploit available

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Cross-site scripting (XSS) vulnerability in _error in Ability Mail Server 1.18 allows remote attackers to inject arbitrary web script or HTML via the erromsg parameter.

Vulnerable Configurations

Part	Description	Count
Application	Code-Crafters Code Crafters Ability Mail Server 1.18	1

Exploit-Db

description	Code-Crafters Ability Mail Server 1.18 errormsg Parameter XSS. CVE-2004-2494. Remote exploits for multiple platform
id	EDB-ID:24268
last seen	2016-02-02
modified	2004-07-12
published	2004-07-12
reporter	dr_insane
source	https://www.exploit-db.com/download/24268/
title	Code-Crafters Ability Mail Server 1.18 errormsg Parameter XSS

References

http://members.lycos.co.uk/r34ct/main/Ability_mail_server_1.18.txt
http://secunia.com/advisories/12039
http://securitytracker.com/id?1010672
http://www.osvdb.org/7718
http://www.securityfocus.com/bid/10695
https://exchange.xforce.ibmcloud.com/vulnerabilities/16676