CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2007-6196
https://notcve.org/view.php?id=CVE-2007-6196
Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail before 5.2 allows remote attackers to inject arbitrary web script or HTML via the func parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el fichero util.php de Calacode @Mail, en versiones anteriores a la 5.2. Permite que atacantes remotos inyecten, a su elección, código web o HTML, usando el parámetro func. • http://osvdb.org/38911 http://secunia.com/advisories/27837 http://terra.calacode.com/mail/docs/changelog.html http://www.securityfocus.com/bid/26635 http://www.securitytracker.com/id?1019013 https://exchange.xforce.ibmcloud.com/vulnerabilities/38758 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0842
https://notcve.org/view.php?id=CVE-2006-0842
Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message, as demonstrated by "java	script:." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/18874 http://www.osvdb.org/23236 http://www.securityfocus.com/bid/16683 http://www.vupen.com/english/advisories/2006/0617 https://exchange.xforce.ibmcloud.com/vulnerabilities/24742 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •