Vulnerabilities > CVE-2006-3564 - Unspecified vulnerability in Hivemail 1.2/1.3

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

hivemail

NVD

Published: 2006-07-13

Updated: 2024-11-21

Summary

Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the email, (2) cond, or (3) name parameters to (a) addressbook.view.php, (4) the daysprune parameter to (b) index.php, (5) the data[to] parameter to (c) compose.email.php, and (6) the markas parameter to (d) read.markas.php.

Vulnerable Configurations

Part	Description	Count
Application	Hivemail Hivemail Hivemail 1.2 Hivemail Hivemail 1.3	2

References

http://pridels0.blogspot.com/2006/07/hivemail-vuln.html
http://pridels0.blogspot.com/2006/07/hivemail-vuln.html
http://secunia.com/advisories/20993
http://secunia.com/advisories/20993
http://securitytracker.com/id?1016531
http://securitytracker.com/id?1016531
http://www.osvdb.org/27100
http://www.osvdb.org/27100
http://www.osvdb.org/27101
http://www.osvdb.org/27101
http://www.osvdb.org/27102
http://www.osvdb.org/27102
http://www.osvdb.org/27103
http://www.osvdb.org/27103
http://www.securityfocus.com/bid/18949
http://www.securityfocus.com/bid/18949
http://www.vupen.com/english/advisories/2006/2763
http://www.vupen.com/english/advisories/2006/2763
https://exchange.xforce.ibmcloud.com/vulnerabilities/27695
https://exchange.xforce.ibmcloud.com/vulnerabilities/27695