Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail.fcgi, (2) the folder parameter in emumail.fcgi, or Javascript in the (3) username or (4) password field in the login page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emumail | Emu Webmail | 5.2.7 |
References
- http://members.lycos.co.uk/r34ct/main/emu/emu.txtExploitVendor Advisory
- http://secunia.com/advisories/11110Vendor Advisory
- http://securitytracker.com/id?1009397Exploit
- http://www.osvdb.org/4204Exploit
- http://www.osvdb.org/4972Exploit
- http://www.securityfocus.com/bid/9861Exploit
- http://www.zone-h.com/advisories/read/id=4141ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15451
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15452
- http://members.lycos.co.uk/r34ct/main/emu/emu.txtExploitVendor Advisory
- http://secunia.com/advisories/11110Vendor Advisory
- http://securitytracker.com/id?1009397Exploit
- http://www.osvdb.org/4204Exploit
- http://www.osvdb.org/4972Exploit
- http://www.securityfocus.com/bid/9861Exploit
FAQ
What is CVE-2004-2334?
CVE-2004-2334 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail....
How severe is CVE-2004-2334?
CVE-2004-2334 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2334?
Check the references section above for vendor advisories and patch information. Affected products include: Emumail Emu Webmail.