VYPR
Unrated severityNVD Advisory· Published Feb 18, 2006· Updated Jun 16, 2026

CVE-2006-0758

CVE-2006-0758

Description

Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the $_SERVER['PHP_SELF'] variable.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11
  • Hivemail/Hivemail11 versions
    cpe:2.3:a:hivemail:hivemail:1.1:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:hivemail:hivemail:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:hivemail:hivemail:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:hivemail:hivemail:1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:hivemail:hivemail:1.2.1_beta1:*:*:*:*:*:*:*
    • cpe:2.3:a:hivemail:hivemail:1.2.1_rc:*:*:*:*:*:*:*
    • cpe:2.3:a:hivemail:hivemail:1.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:hivemail:hivemail:1.2_sp1:*:*:*:*:*:*:*
    • cpe:2.3:a:hivemail:hivemail:1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:hivemail:hivemail:1.3_beta1:*:*:*:*:*:*:*
    • cpe:2.3:a:hivemail:hivemail:1.3_rc1:*:*:*:*:*:*:*
    • (no CPE)range: <=1.3

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.