Vulnerabilities > CVE-2006-3305 - Cross-Site Scripting vulnerability in Uebimiau 2.7.10

CVSS 2.6 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

high complexity

uebimiau

NVD

Published: 2006-06-29

Updated: 2017-07-20

Summary

Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau Webmail 2.7.10, and 2.7.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) f_user parameter in index.php, the (2) pag parameter in messages.php, or the (3) lid, (4) tid, and (5) sid parameters in error.php.

Vulnerable Configurations

Part	Description	Count
Application	Uebimiau Uebimiau Uebimiau * Uebimiau Uebimiau 2.7.10	2

References

http://pridels0.blogspot.com/2006/06/uebimiau-webmail-xss-vuln.html
http://secunia.com/advisories/20804
http://www.securityfocus.com/bid/18643
http://www.securityfocus.com/bid/22375
http://www.vupen.com/english/advisories/2006/2513
https://exchange.xforce.ibmcloud.com/vulnerabilities/27371