Unrated severityNVD Advisory· Published Jul 13, 2006· Updated Apr 16, 2026

CVE-2006-3564

Description

Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the email, (2) cond, or (3) name parameters to (a) addressbook.view.php, (4) the daysprune parameter to (b) index.php, (5) the data[to] parameter to (c) compose.email.php, and (6) the markas parameter to (d) read.markas.php.

Affected products

Hivemail/Hivemail2 versions
cpe:2.3:a:hivemail:hivemail:1.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:hivemail:hivemail:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:hivemail:hivemail:1.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/20993nvdVendor Advisory
pridels0.blogspot.com/2006/07/hivemail-vuln.htmlnvd
securitytracker.com/idnvd
www.osvdb.org/27100nvd
www.osvdb.org/27101nvd
www.osvdb.org/27102nvd
www.osvdb.org/27103nvd
www.securityfocus.com/bid/18949nvd
www.vupen.com/english/advisories/2006/2763nvd
exchange.xforce.ibmcloud.com/vulnerabilities/27695nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000