返回 CVE 浏览器

CVE-2004-2447

MEDIUM

4.3

CVSS Severity Score

EPSS Score0.0610%

EPSS Percentile31.05th

Published2004年12月31日

Last Modified2026年4月16日

Vulnerability Description

Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.

Affected Platforms (CPE)

📦

1st Class Internet Solutions

1st Class Mail Server

= 4.01

References & Advisories

🔗 http://secunia.com/advisories/11330

🔗 http://securitytracker.com/alerts/2004/Apr/1009705.html

🔗 http://www.osvdb.org/5012

🔗 http://www.osvdb.org/5013

🔗 http://www.osvdb.org/5014

🔗 http://www.osvdb.org/5015

🔗 http://www.osvdb.org/5016

🔗 http://www.osvdb.org/5017

相关漏洞威胁

CVE-2004-23757.5

Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows remote attackers to cause a denial of service (crash) and p...

CVE-2004-24465.0

Directory traversal vulnerability in 1st Class Mail Server 4.01 allows remote attackers to read arbitrary files via a ".." (dot do...

CVE-2004-100610.0

Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via cer...

CVE-2004-090410.0

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird...