CVE-2005-1756

Cross-site scripting (XSS) vulnerability in the ModWeb agent for Novell NetMail 3.52 before 3.52C allows remote attackers to inject arbitrary web script or HTML via calendar display fields.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971588.htm	Patch Vendor Advisory
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971590.htm	Patch Vendor Advisory
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971591.htm	Patch Vendor Advisory
http://secunia.com/advisories/15644	Patch Vendor Advisory
http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097957.htm
http://www.securityfocus.com/bid/13926
http://www.osvdb.org/17240
http://www.vupen.com/english/advisories/2005/0727

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:novell:netmail:3.0.3a:a::::::
	cpe:2.3:a:novell:netmail:3.0.3a:b::::::
	cpe:2.3:a:novell:netmail:3.10:d::::::
	cpe:2.3:a:novell:netmail:3.10:e::::::
	cpe:2.3:a:novell:netmail:3.10:::::::*
	cpe:2.3:a:novell:netmail:3.10:a::::::
	cpe:2.3:a:novell:netmail:3.10:h::::::
	cpe:2.3:a:novell:netmail:3.5.2:a::::::
	cpe:2.3:a:novell:netmail:3.10:b::::::
	cpe:2.3:a:novell:netmail:3.10:c::::::
	cpe:2.3:a:novell:netmail:3.5.2:b::::::
	cpe:2.3:a:novell:netmail:3.1:::::::*
	cpe:2.3:a:novell:netmail:3.10:f::::::
	cpe:2.3:a:novell:netmail:3.10:g::::::
	cpe:2.3:a:novell:netmail:3.5.2:e-ftfl::::::
	cpe:2.3:a:novell:netmail:3.1:f::::::

Information

Published : 2005-06-07 21:00

Updated : 2011-03-07 18:22

NVD link : CVE-2005-1756

Mitre link : CVE-2005-1756

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

novell

netmail

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971588.htm", "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971588.htm", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971590.htm", "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971590.htm", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971591.htm", "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971591.htm", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/15644", "name": "15644", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097957.htm", "name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10097957.htm", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/13926", "name": "13926", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/17240", "name": "17240", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2005/0727", "name": "ADV-2005-0727", "tags": [], "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the ModWeb agent for Novell NetMail 3.52 before 3.52C allows remote attackers to inject arbitrary web script or HTML via calendar display fields."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-1756", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-06-08T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:novell:netmail:3.0.3a:a:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.0.3a:b:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.10:d:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.10:e:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.10:a:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.10:h:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.5.2:a:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.10:b:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.10:c:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.5.2:b:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.10:f:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.10:g:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.5.2:e-ftfl:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:novell:netmail:3.1:f:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-03-08T02:22Z"}