Webmail
by Imp
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-48974 | 0.04 | — | 0.03 | Feb 8, 2024 | Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter. | |||
| CVE-2002-1527 | 0.04 | — | 0.07 | Apr 2, 2003 | emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message. | |||
| CVE-2007-2826 | 0.03 | — | 0.03 | May 22, 2007 | PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter. | |||
| CVE-2002-1708 | 0.03 | — | 0.04 | Dec 31, 2002 | Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields. | |||
| CVE-2001-0857 | 0.03 | — | 0.03 | Dec 6, 2001 | Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter. | |||
| CVE-2002-0531 | 0.00 | — | 0.04 | Aug 12, 2002 | Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in the type parameter. |
- CVE-2023-48974Feb 8, 2024risk 0.04cvss —epss 0.03
Cross Site Scripting vulnerability in Axigen WebMail prior to 10.3.3.61 allows a remote attacker to escalate privileges via a crafted script to the serverName_input parameter.
- CVE-2002-1527Apr 2, 2003risk 0.04cvss —epss 0.07
emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message.
- CVE-2007-2826May 22, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter.
- CVE-2002-1708Dec 31, 2002risk 0.03cvss —epss 0.04
Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields.
- CVE-2001-0857Dec 6, 2001risk 0.03cvss —epss 0.03
Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.
- CVE-2002-0531Aug 12, 2002risk 0.00cvss —epss 0.04
Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in the type parameter.