CVE-2002-0411

Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2002-03/0004.html	Exploit Vendor Advisory
http://www.securityfocus.com/bid/4215	Patch Vendor Advisory
http://www.iss.net/security_center/static/8346.php	Patch Vendor Advisory
http://the.cushman.net/projects/aeromail/download/aeromail-1.45.tar.gz

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:aeromail:aeromail:1.10:::::::*
	cpe:2.3:a:aeromail:aeromail:1.20:::::::*
	cpe:2.3:a:aeromail:aeromail:1.26:::::::*
	cpe:2.3:a:aeromail:aeromail:1.30:::::::*
	cpe:2.3:a:aeromail:aeromail:1.02:::::::*
	cpe:2.3:a:aeromail:aeromail:1.40:::::::*

Information

Published : 2002-08-11 21:00

Updated : 2008-09-05 13:27

NVD link : CVE-2002-0411

Mitre link : CVE-2002-0411

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

aeromail

aeromail

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0004.html", "name": "20020303 AeroMail multiple vulnerabilities", "tags": ["Exploit", "Vendor Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/bid/4215", "name": "4215", "tags": ["Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://www.iss.net/security_center/static/8346.php", "name": "aeromail-subject-css(8346)", "tags": ["Patch", "Vendor Advisory"], "refsource": "XF"}, {"url": "http://the.cushman.net/projects/aeromail/download/aeromail-1.45.tar.gz", "name": "http://the.cushman.net/projects/aeromail/download/aeromail-1.45.tar.gz", "tags": [], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-0411", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2002-08-12T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:aeromail:aeromail:1.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:aeromail:aeromail:1.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:aeromail:aeromail:1.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:aeromail:aeromail:1.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:aeromail:aeromail:1.02:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:aeromail:aeromail:1.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-05T20:27Z"}