QwikSec

Security Database

CVE

CWE

Training

CVE-2004-2548

Published: Nov 21, 2005

Modified: Aug 8, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

surgemail-username-xss(16320)

vdb-entry

x_refsource_XF

http://www.exploitlabs.com/files/advisories/EXPL-A-2004-002-surgmail.txt

x_refsource_MISC

vdb-entry

x_refsource_OSVDB

20040603 Surgemail - Multiple Vulnerabilities

mailing-list

x_refsource_FULLDISC

third-party-advisory

x_refsource_SECUNIA

http://www.netwinsite.com/surgemail/help/updates.htm

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.