Vulnerability Description
Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) retid parameter in badlogin.php, (2) Content-Type headers in HTML mails, and (3) HTML mail attachments.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amax Information Technologies | Magic Winmail Server | 4.2 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0580.html
- http://secunia.com/advisories/16665Vendor Advisory
- http://secunia.com/secunia_research/2005-58/advisory/Vendor Advisory
- http://www.osvdb.org/20926
- http://www.osvdb.org/20927
- http://www.osvdb.org/20928
- http://www.securityfocus.com/bid/15493
- http://www.vupen.com/english/advisories/2005/2485
- http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0580.html
- http://secunia.com/advisories/16665Vendor Advisory
- http://secunia.com/secunia_research/2005-58/advisory/Vendor Advisory
- http://www.osvdb.org/20926
- http://www.osvdb.org/20927
- http://www.osvdb.org/20928
- http://www.securityfocus.com/bid/15493
FAQ
What is CVE-2005-3692?
CVE-2005-3692 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) retid parameter in badlogi...
How severe is CVE-2005-3692?
CVE-2005-3692 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3692?
Check the references section above for vendor advisories and patch information. Affected products include: Amax Information Technologies Magic Winmail Server.