Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | PARTIAL |
Availability impact | NONE |
network, low complexity, icewarp, nessus, exploit available
Published: 2005-01-28
Updated: 2017-07-11
Summary
Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to login.html, (2) accountid parameter to accountsettings_add.html, or the (3) note, (4) title, and (5) location fields to calendar.html.
Vulnerable Configurations
Part | Description | Count |
Application | Icewarp | 1 |
Exploit-Db
description | IceWarp Web Mail 5.3 accountsettings_add.html accountid Parameter XSS. CVE-2005-0320. Webapps exploit for php platform |
id | EDB-ID:25069 |
last seen | 2016-02-03 |
modified | 2005-01-28 |
published | 2005-01-28 |
reporter | ShineShadow |
source | https://www.exploit-db.com/download/25069/ |
title | IceWarp Web Mail 5.3 accountsettings_add.html accountid Parameter XSS |
Nessus
NASL family | CGI abuses |
NASL id | ICEWARP_WEBMAIL_VULNS3.NASL |
description | The remote host is running IceWarp Web Mail - a webmail solution available for the Microsoft Windows platform. The remote version of this software is vulnerable to multiple input validation issues that could allow an attacker to compromise the integrity of the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 16273 |
published | 2005-01-29 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/16273 |
title | IceWarp Web Mail Multiple Flaws (3) |
code | #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(16273);
  script_version("1.15");
  script_cvs_date("Date: 2018/11/15 20:50:17");

  script_cve_id("CVE-2005-0320", "CVE-2005-0321");
  script_bugtraq_id(12396);

  script_name(english:"IceWarp Web Mail Multiple Flaws (3)");
  script_summary(english:"Check the version of IceWarp WebMail");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server is running a webmail application that is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote host is running IceWarp Web Mail - a webmail solution
available for the Microsoft Windows platform.
The remote version of this software is vulnerable to multiple
input validation issues that could allow an attacker to compromise the
integrity of the remote host.");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/388751/30/0/threaded");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IceWarp Web Mail 5.3.3 or newer.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_publication_date", value: "2005/01/29");
  script_set_attribute(attribute:"vuln_publication_date", value: "2005/01/28");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:icewarp:webmail");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
  script_dependencie("icewarp_webmail_vulns.nasl");
  script_require_ports("Services/www", 32000);
  exit(0);
}
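
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Version-only check: read the banner stored in the KB under the
# www/<port>/icewarp_webmail/version key; no request is sent to the
# vulnerable pages.
port = get_http_port(default:32000);
version = get_kb_item("www/" + port + "/icewarp_webmail/version");
if ( ! version ) exit(0);

# Matches 0.x-4.x, 5.0.x-5.2.x and 5.3.0-5.3.2 (the solution is 5.3.3 or newer).
# The 5.3.[0-2] branch requires a following non-digit character.
if ( ereg(pattern:"IceWarp Web Mail ([0-4]\.|5\.([0-2]\.|3\.[0-2][^0-9]))", string:version) )
  security_warning(port);
|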