Unrated severityNVD Advisory· Published Nov 2, 2005· Updated Apr 16, 2026

CVE-2005-3429

Description

Rockliffe MailSite Express before 6.1.22, with the option to save login information enabled, saves user passwords in plaintext in cookies, which allows local users to obtain passwords by reading the cookie file, or remote attackers to obtain the cookies via cross-site scripting (XSS) vulnerabilities.

Affected products

Rockliffe/Mailsite Express2 versions
cpe:2.3:a:rockliffe:mailsite_express:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:rockliffe:mailsite_express:*:*:*:*:*:*:*:*range: <=6.1.21
- cpe:2.3:a:rockliffe:mailsite_express:6.1.20:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.htmlnvdExploitPatch
www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdfnvdExploitPatchVendor Advisory
marc.infonvd
securitytracker.com/idnvd
www.osvdb.org/22682nvd
exchange.xforce.ibmcloud.com/vulnerabilities/22906nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000