CVE-2004-1669

medium

Description

Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to execute arbitrary web script or HTML via the (1) User name parameter to accountsettings.html or (2) Search string parameter to search.html.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/17313

http://www.securityfocus.com/bid/11371

http://secunia.com/advisories/12789

http://marc.info/?l=bugtraq&m=109483971420067&w=2

Details

Source: Mitre, NVD

Published: 2004-09-10

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium