Vulnerabilities > CVE-2004-2548 - Unspecified vulnerability in Netwin Surgemail and Webmail
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN netwin
exploit available
Summary
Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547).
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 9 |
Exploit-Db
| description | NetWin SurgeMail 1.8/1.9/2.0,WebMail 3.1 Login Form XSS. CVE-2004-2548 . Webapps exploit for php platform |
| id | EDB-ID:24177 |
| last seen | 2016-02-02 |
| modified | 2004-06-07 |
| published | 2004-06-07 |
| reporter | Donnie Werner |
| source | https://www.exploit-db.com/download/24177/ |
| title | NetWin SurgeMail 1.8/1.9/2.0,WebMail 3.1 Login Form XSS |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0056.html
- http://secunia.com/advisories/11772
- http://secunia.com/advisories/11772
- http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt
- http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt
- http://www.netwinsite.com/surgemail/help/updates.htm
- http://www.netwinsite.com/surgemail/help/updates.htm
- http://www.osvdb.org/6746
- http://www.osvdb.org/6746
- http://www.securityfocus.com/bid/10483
- http://www.securityfocus.com/bid/10483
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16320
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16320