CVSS: 6.1EPSS: 1%CPEs: 7EXPL: 2CVE-2007-5290 – AfterLogic MailBee WebMail Pro 3.x - 'default.asp?mode2' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-5290
09 Oct 2007 — Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier; and possibly MailBee WebMail Pro ASP before 3.4.64, WebMail Lite ASP before 4.0.11, and WebMail Lite PHP before 4.0.22; allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to login.php and the (2) mode2 parameter to default.asp in an advanced_login mode. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en MailBee WebMail Pro versión 3.4 y anteriores; y posiblemente Ma... • https://www.exploit-db.com/exploits/30642 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 6%CPEs: 1EXPL: 3CVE-2007-2061 – MailBee WebMail Pro 3.4 - 'Check_login.asp' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-2061
18 Apr 2007 — Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLogic MailBee WebMail Pro 3.4 allows remote attackers to inject arbitrary web script or HTML via the username parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en check_login.asp de AfterLogic MailBee WebMail Pro 3.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro username. • https://www.exploit-db.com/exploits/29851 •