MailReader < 2.3.36 network.cgi MIME Message XSS

low Nessus Network Monitor Plugin ID 2780

Synopsis

The remote host is vulnerable to an HTML injection attack.

Description

The remote host is running Mailreader, a web-based application for reading email. This version of Mailreader is vulnerable to a remote HTML injection flaw. To exploit it, an attacker would need to convince a Mailreader user to open a malicious email. Successful exploitation would cause the user's browser to run code that appears to originate from the Mailreader server.

Solution

Upgrade to version 2.3.36 or higher.

Plugin Details

Severity: Low

ID: 2780

Family: CGI

Published: 3/30/2005

Updated: 3/6/2019

Nessus ID: 17657

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Low

Base Score: 3.7

Temporal Score: 3.6

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:X

Vulnerability Information

CPE: cpe:/a:mailreader.com:mailreader.com

Reference Information

CVE: CVE-2005-0386

BID: 12945