CVE-2005-3692

medium

Description

Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) retid parameter in badlogin.php, (2) Content-Type headers in HTML mails, and (3) HTML mail attachments.

References

http://www.vupen.com/english/advisories/2005/2485

http://www.securityfocus.com/bid/15493

http://www.osvdb.org/20928

http://www.osvdb.org/20927

http://www.osvdb.org/20926

http://secunia.com/secunia_research/2005-58/advisory/

http://secunia.com/advisories/16665

http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0580.html

Details

Source: Mitre, NVD

Published: 2005-11-19

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium