CVE-2004-1719 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Merak	Mail Server

Configuration 1 [-]

cpe:2.3:a:merak:mail_server:7.4.5:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=109279057326044&w=2
http://packetstormsecurity.nl/0408-exploits/merak527.txt
http://secunia.com/advisories/12269
http://securitytracker.com/id?1010969
http://www.osvdb.org/9037
http://www.osvdb.org/9038
http://www.osvdb.org/9039
http://www.osvdb.org/9040
http://www.osvdb.org/9041
http://www.osvdb.org/9042
http://www.securityfocus.com/bid/10966
https://exchange.xforce.ibmcloud.com/vulnerabilities/17024

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-02-26T05:00:00

Updated: 2024-08-08T01:00:36.974Z

Reserved: 2005-02-26T00:00:00

Link: CVE-2004-1719

Vulnrichment

No data.

NVD

Status : Modified

Published: 2004-08-17T04:00:00.000

Modified: 2017-07-11T01:31:17.357

Link: CVE-2004-1719

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-08-17T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.nl/0408-exploits/merak527.txt"}, {"name": "10966", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/10966"}, {"name": "1010969", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1010969"}, {"name": "20040817 Vulnerabilities in Merak Webmail Server", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=109279057326044&w=2"}, {"name": "9040", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/9040"}, {"name": "9041", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/9041"}, {"name": "9037", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/9037"}, {"name": "9042", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/9042"}, {"name": "12269", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/12269"}, {"name": "9038", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/9038"}, {"name": "9039", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/9039"}, {"name": "merak-xss(17024)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17024"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1719", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://packetstormsecurity.nl/0408-exploits/merak527.txt", "refsource": "MISC", "url": "http://packetstormsecurity.nl/0408-exploits/merak527.txt"}, {"name": "10966", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10966"}, {"name": "1010969", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1010969"}, {"name": "20040817 Vulnerabilities in Merak Webmail Server", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=109279057326044&w=2"}, {"name": "9040", "refsource": "OSVDB", "url": "http://www.osvdb.org/9040"}, {"name": "9041", "refsource": "OSVDB", "url": "http://www.osvdb.org/9041"}, {"name": "9037", "refsource": "OSVDB", "url": "http://www.osvdb.org/9037"}, {"name": "9042", "refsource": "OSVDB", "url": "http://www.osvdb.org/9042"}, {"name": "12269", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12269"}, {"name": "9038", "refsource": "OSVDB", "url": "http://www.osvdb.org/9038"}, {"name": "9039", "refsource": "OSVDB", "url": "http://www.osvdb.org/9039"}, {"name": "merak-xss(17024)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17024"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:00:36.974Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.nl/0408-exploits/merak527.txt"}, {"name": "10966", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/10966"}, {"name": "1010969", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1010969"}, {"name": "20040817 Vulnerabilities in Merak Webmail Server", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=109279057326044&w=2"}, {"name": "9040", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/9040"}, {"name": "9041", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/9041"}, {"name": "9037", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/9037"}, {"name": "9042", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/9042"}, {"name": "12269", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/12269"}, {"name": "9038", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/9038"}, {"name": "9039", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/9039"}, {"name": "merak-xss(17024)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17024"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1719", "datePublished": "2005-02-26T05:00:00", "dateReserved": "2005-02-26T00:00:00", "dateUpdated": "2024-08-08T01:00:36.974Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:merak:mail_server:7.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "A995EEE4-9707-4FD6-9624-1168258CE0D3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message."}], "id": "CVE-2004-1719", "lastModified": "2017-07-11T01:31:17.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-08-17T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=109279057326044&w=2"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://packetstormsecurity.nl/0408-exploits/merak527.txt"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/12269"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1010969"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.osvdb.org/9037"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.osvdb.org/9038"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.osvdb.org/9039"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.osvdb.org/9040"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.osvdb.org/9041"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.osvdb.org/9042"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.securityfocus.com/bid/10966"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17024"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}