Vulnerability Description
Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Aeromail | Aeromail | 1.02 |
References
- http://archives.neohapsis.com/archives/bugtraq/2002-03/0004.htmlExploitVendor Advisory
- http://the.cushman.net/projects/aeromail/download/aeromail-1.45.tar.gz
- http://www.iss.net/security_center/static/8346.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4215PatchVendor Advisory
- http://archives.neohapsis.com/archives/bugtraq/2002-03/0004.htmlExploitVendor Advisory
- http://the.cushman.net/projects/aeromail/download/aeromail-1.45.tar.gz
- http://www.iss.net/security_center/static/8346.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4215PatchVendor Advisory
FAQ
What is CVE-2002-0411?
CVE-2002-0411 is a vulnerability with a CVSS score of 7.5 (HIGH). Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line.
How severe is CVE-2002-0411?
CVE-2002-0411 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0411?
Check the references section above for vendor advisories and patch information. Affected products include: Aeromail Aeromail.