Vulnerabilities > CVE-2006-3564 - Input Validation vulnerability in Hivemail 1.2/1.3
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE network
hivemail
Summary
Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the email, (2) cond, or (3) name parameters to (a) addressbook.view.php, (4) the daysprune parameter to (b) index.php, (5) the data[to] parameter to (c) compose.email.php, and (6) the markas parameter to (d) read.markas.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
References
- http://pridels0.blogspot.com/2006/07/hivemail-vuln.html
- http://secunia.com/advisories/20993
- http://securitytracker.com/id?1016531
- http://www.osvdb.org/27100
- http://www.osvdb.org/27101
- http://www.osvdb.org/27102
- http://www.osvdb.org/27103
- http://www.securityfocus.com/bid/18949
- http://www.vupen.com/english/advisories/2006/2763
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27695