CVE-2002-1958
4.3
CVSS Score
Medium
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Link copied!
Description
Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a, and 1.0b allows remote attackers to inject arbitrary web script or HTML via (1) javascript in onmouseover or other attributes in "safe" HTML tags such as the "b" tag, or (2) the Subject field.
CVSS Vector Details
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None
Affected Software Configurations
- a kmmail kmmail 1.0 * * * * * * *
- a kmmail kmmail 1.0a * * * * * * *
- a kmmail kmmail 1.0b * * * * * * *
Weaknesses (CWE)
- CWE-79
References & External Links
- http://lists.grok.org.uk/pipermail/full-disclosure/2002-October/002207.html
- http://sourceforge.net/forum/forum.php?forum_id=191501
- http://www.iss.net/security_center/static/9507.php
- http://www.securityfocus.com/bid/5173
- http://www.securityfocus.com/bid/6013
- http://lists.grok.org.uk/pipermail/full-disclosure/2002-October/002207.html
- http://sourceforge.net/forum/forum.php?forum_id=191501
- http://www.iss.net/security_center/static/9507.php
- http://www.securityfocus.com/bid/5173
- http://www.securityfocus.com/bid/6013