Emu Webmail

CVEs (4)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2004-2334	Emumail Emu Webmail	0.03	—	0.01	Dec 31, 2004	Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail.fcgi, (2) the folder parameter in emumail.fcgi, or Javascript in the (3) username or (4) password field in the login page.
CVE-2004-2385	Emumail Emu Webmail	0.03	—	0.05	Dec 31, 2004	EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path information (home directory) via an HTTP request for init.emu.
CVE-2002-1527	Emumail Emu Webmail	0.03	—	0.04	Apr 2, 2003	emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message.
CVE-2002-1526	Emumail Emu Webmail	0.03	—	0.01	Apr 2, 2003	Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmail 5.0 allows remote attackers to inject arbitrary HTML or script via the email address field.

CVE-2004-2334Dec 31, 2004
Emumail
Emu Webmail
risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail.fcgi, (2) the folder parameter in emumail.fcgi, or Javascript in the (3) username or (4) password field in the login page.
CVE-2004-2385Dec 31, 2004
Emumail
Emu Webmail
risk 0.03cvss —epss 0.05
EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path information (home directory) via an HTTP request for init.emu.
CVE-2002-1527Apr 2, 2003
Emumail
Emu Webmail
risk 0.03cvss —epss 0.04
emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message.
CVE-2002-1526Apr 2, 2003
Emumail
Emu Webmail
risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmail 5.0 allows remote attackers to inject arbitrary HTML or script via the email address field.