CyberSec.Space Logo
Back to CVE Browser

CVE-2004-2447

MEDIUM
4.3
CVSS Severity Score
EPSS Score0.0610%
EPSS Percentile31.05th
PublishedDec 31, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.

Affected Platforms (CPE)

πŸ“¦
1st Class Internet Solutions

1st Class Mail Server

= 4.01

References & Advisories

πŸ”— http://secunia.com/advisories/11330
πŸ”— http://securitytracker.com/alerts/2004/Apr/1009705.html
πŸ”— http://www.osvdb.org/5012
πŸ”— http://www.osvdb.org/5013
πŸ”— http://www.osvdb.org/5014
πŸ”— http://www.osvdb.org/5015
πŸ”— http://www.osvdb.org/5016
πŸ”— http://www.osvdb.org/5017

Related Vulnerabilities

CVE-2004-23757.5

Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows remote attackers to cause a denial of service (crash) and p...

CVE-2004-24465.0

Directory traversal vulnerability in 1st Class Mail Server 4.01 allows remote attackers to read arbitrary files via a ".." (dot do...

CVE-2004-058610.0

acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary code via the (1) DownLoadURL, (2) SaveFilePath, and (3) Dow...

CVE-2004-129910.0

Buffer overflow in the get_attr function in html.c for vilistextum 2.6.6 allows remote attackers to execute arbitrary code via a c...