CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6196
https://notcve.org/view.php?id=CVE-2007-6196
Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail before 5.2 allows remote attackers to inject arbitrary web script or HTML via the func parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el fichero util.php de Calacode @Mail, en versiones anteriores a la 5.2. Permite que atacantes remotos inyecten, a su elección, código web o HTML, usando el parámetro func. • http://osvdb.org/38911 http://secunia.com/advisories/27837 http://terra.calacode.com/mail/docs/changelog.html http://www.securityfocus.com/bid/26635 http://www.securitytracker.com/id?1019013 https://exchange.xforce.ibmcloud.com/vulnerabilities/38758 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-6700
https://notcve.org/view.php?id=CVE-2006-6700
Cross-site scripting (XSS) vulnerability in @Mail WebMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en @Mail WebMail permite a un atacante remoto inyectar secuencias de comandos web o HTML a través de vectores no especificados. NOTA: esta información se basa en una pequeña información inicial. • http://secunia.com/advisories/23472 http://securitytracker.com/id?1017435 http://www.netragard.com/html/recent_research.html http://www.securityfocus.com/bid/21708 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0842
https://notcve.org/view.php?id=CVE-2006-0842
Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message, as demonstrated by "java	script:." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/18874 http://www.osvdb.org/23236 http://www.securityfocus.com/bid/16683 http://www.vupen.com/english/advisories/2006/0617 https://exchange.xforce.ibmcloud.com/vulnerabilities/24742 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •