Vulnerabilities > CVE-2004-2548 - Input Validation vulnerability in Netwin Surgemail and Webmail

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

netwin

exploit available

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547).

Vulnerable Configurations

Part	Description	Count
Application	Netwin Netwin Surgemail 1.8A Netwin Surgemail 1.8B3 Netwin Surgemail 1.8D Netwin Surgemail 1.8F Netwin Surgemail 1.8G3 Netwin Surgemail 1.9 Netwin Surgemail 1.9B2 Netwin Surgemail * Netwin Webmail 3.1D	9

Exploit-Db

description	NetWin SurgeMail 1.8/1.9/2.0,WebMail 3.1 Login Form XSS. CVE-2004-2548 . Webapps exploit for php platform
id	EDB-ID:24177
last seen	2016-02-02
modified	2004-06-07
published	2004-06-07
reporter	Donnie Werner
source	https://www.exploit-db.com/download/24177/
title	NetWin SurgeMail 1.8/1.9/2.0,WebMail 3.1 Login Form XSS

Summary

Vulnerable Configurations

Exploit-Db

References