Vulnerabilities > CVE-2005-1120 - Remote HTML Injection vulnerability in IlohaMail Email Message

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
ilohamail
nessus

Summary

Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail 0.8.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the e-mail (1) body, (2) filename, or (3) MIME type.

Nessus

  • NASL family: CGI abuses : XSS
    NASL id: ILOHAMAIL_EMAIL_XSS.NASL
    description: Based on its version number, the installation of IlohaMail on the remote host does not properly sanitize attachment file names, MIME media types, and HTML / text email messages. An attacker can exploit these vulnerabilities by sending a specially crafted message to a user which, when read using an affected version of IlohaMail, will allow the attacker to execute arbitrary HTML and script code in the user's browser within the context of the affected website.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18050
    published: 2005-04-14
    reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/18050
    title: IlohaMail read_message.php Attachment Multiple Field XSS
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      # Plugin identity and the advisories this check maps to.
      script_id(18050);
      script_version("1.20");

      script_cve_id("CVE-2005-1120");
      script_bugtraq_id(13175);

      script_name(english:"IlohaMail read_message.php Attachment Multiple Field XSS");

      # Report text: what was found, why it matters, and the fix.
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote web server contains a PHP application that is subject to
    cross-site scripting attacks."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Based on its version number, the installation of IlohaMail on the
    remote host does not properly sanitize attachment file names, MIME
    media types, and HTML / text email messages.  An attacker can exploit
    these vulnerabilities by sending a specially crafted message to a user
    which, when read using an affected version of IlohaMail, will allow
    the attacker to execute arbitrary HTML and script code in the user's browser
    within the context of the affected website."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=304525"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Upgrade to IlohaMail version 0.8.14-rc3 or newer."
      );

      # CVSS v2 base vector: network access, medium complexity, no
      # authentication, partial integrity impact only.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

      # Publication dates and plugin type.
      script_set_attribute(attribute:"plugin_publication_date", value: "2005/04/14");
      script_set_attribute(attribute:"vuln_publication_date", value: "2005/04/14");
      script_cvs_date("Date: 2018/07/12 19:01:15");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_end_attributes();

      script_summary(english:"Checks for email message cross-site scripting vulnerabilities in IlohaMail");

      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses : XSS");

      script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");

      # Scheduling: run after the IlohaMail detection plugin, only against
      # web services with PHP, and not when CGI scanning is disabled.
      script_dependencies("ilohamail_detect.nasl");
      script_exclude_keys("Settings/disable_cgi_scanning");
      script_require_ports("Services/www", 80);
      script_require_keys("www/PHP");

      # The description pass only registers metadata; stop here.
      exit(0);
    }
    
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    
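    # Pick the HTTP port to check and stop early when the server cannot run PHP.
    port = get_http_port(default:80);
    if (!can_host_php(port:port)) exit(0);
    
    
    # Test an install.
    # NOTE(review): the KB entry is presumably written by ilohamail_detect.nasl,
    # which this plugin lists as a dependency -- confirm against that plugin.
    install = get_kb_item(string("www/", port, "/ilohamail"));
    if (isnull(install)) exit(0);

    # The KB value is expected to have the form "<version> under <path>".
    matches = eregmatch(string:install, pattern:"^(.+) under (/.*)$");
    if (!isnull(matches)) {
      ver = matches[1];
      # nb: versions 0.8.14-rc2 and earlier may be affected.
      #
      # This is a version-string comparison only: nothing below sends a
      # request to the application, so the result is exactly as reliable as
      # the recorded version. A build that carries a backported fix under an
      # older version string would still be reported; confirm such findings
      # against the package changelog.
      #
      # Every numeric component is closed with ([^0-9]|$) so that a longer
      # number (for example "0.8.130" or "rc10") is not mistaken for an
      # affected release.
      if (ver =~ "^0\.([1-7]([^0-9]|$)|8\.([0-9]([^0-9]|$)|1([0-3]([^0-9]|$)|4.*rc[12]([^0-9]|$))))")
      {
        security_warning(port);
        # Record the XSS finding for this port in the KB.
        set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
      }
    }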
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1010.NASL
    description: Ulf Harnhammar from the Debian Security Audit Project discovered that ilohamail, a lightweight multilingual web-based IMAP/POP3 client, does not always sanitise input provided by users which allows remote attackers to inject arbitrary web script or HTML.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22552
    published: 2006-10-14
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22552
    title: Debian DSA-1010-1 : ilohamail - missing input sanitising
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1010. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      # Plugin identity and the advisories this check maps to.
      script_id(22552);
      script_version("1.19");
      script_cvs_date("Date: 2019/08/02 13:32:19");

      script_cve_id("CVE-2005-1120");
      script_bugtraq_id(13175);
      script_xref(name:"DSA", value:"1010");

      script_name(english:"Debian DSA-1010-1 : ilohamail - missing input sanitising");
      script_summary(english:"Checks dpkg output for the updated package");

      # Report text: what was found, why it matters, and the fix.
      script_set_attribute(attribute:"synopsis", value:"The remote Debian host is missing a security-related update.");
      script_set_attribute(attribute:"description", value:
    "Ulf Harnhammar from the Debian Security Audit Project discovered that
    ilohamail, a lightweight multilingual web-based IMAP/POP3 client, does
    not always sanitise input provided by users which allows remote
    attackers to inject arbitrary web script or HTML.");
      script_set_attribute(attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=304525");
      script_set_attribute(attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1010");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the ilohamail package.
    
    The old stable distribution (woody) does not contain an ilohamail
    package.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 0.8.14-0rc3sarge1.");

      # CVSS v2 base vector: network access, medium complexity, no
      # authentication, partial integrity impact only.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      # Plugin type and the platform identifiers it applies to.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ilohamail");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

      script_set_attribute(attribute:"patch_publication_date", value:"2006/03/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/04/14");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");

      # Scheduling: needs the host information gathered over SSH and the
      # Debian release / dpkg listing stored in the KB.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

      # The description pass only registers metadata; stop here.
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Preconditions: local checks must be enabled, the host must be Debian,
    # and the dpkg package listing must be available in the KB.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release"))
      audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l"))
      audit(AUDIT_PACKAGE_LIST_MISSING);


    # Package check for Debian 3.1 against the fixed ilohamail version.
    # NOTE(review): deb_check comes from debian_package.inc; presumably it is
    # true when the installed package is older than the reference -- confirm.
    if (deb_check(release:"3.1", prefix:"ilohamail", reference:"0.8.14-0rc3sarge1"))
    {
      # Attach the package report only when verbose reporting is requested.
      if (report_verbosity > 0)
        security_warning(port:0, extra:deb_report_get());
      else
        security_warning(0);
      exit(0);
    }
    else
      audit(AUDIT_HOST_NOT, "affected");