CVE-2008-5734

{"id": "CVE-2008-5734", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-12-26T17:30:00.767", "references": [{"url": "http://blog.vijatov.com/index.php?itemid=11", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/50885", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/32770", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/32969", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47533", "source": "cve@mitre.org"}, {"url": "http://blog.vijatov.com/index.php?itemid=11", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/50885", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/32770", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/32969", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47533", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Software Merak Mail Server 9.3.2 allows remote attackers to inject arbitrary web script or HTML via an IMG element in an HTML e-mail message."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en WebMail Pro en IceWarp Software Merak Mail Server 9.3.2 permite a atacantes remotos inyectar secuencias de comandos web de su elecci\u00f3n o HTML mediante un elementos IMG en un mensaje e-mail en formato HTML."}], "lastModified": "2024-11-21T00:54:46.283", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:icewarp:merak_mail_server:9.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E96027B1-E22E-4CFA-99B6-75C87E6AD990"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}