CVE-2007-5290
AfterLogic MailBee WebMail Pro 3.x - 'default.asp?mode2' Cross-Site Scripting
Public Exploits: 2
Exploited in Wild: -
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier; and possibly MailBee WebMail Pro ASP before 3.4.64, WebMail Lite ASP before 4.0.11, and WebMail Lite PHP before 4.0.22; allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to login.php and the (2) mode2 parameter to default.asp in an advanced_login mode.
SSVC
- Decision: -
Timeline
- 2007-10-05 First Exploit
- 2007-10-09 CVE Reserved
- 2007-10-09 CVE Published
- 2024-08-07 CVE Updated
- 2024-09-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (10)
URL | Tag | Source |
---|---|---|
http://marc.info/?l=bugtraq&m=119161078031690&w=2 | Mailing List | |
http://osvdb.org/37649 | Vdb Entry | |
http://osvdb.org/37650 | Vdb Entry | |
http://www.securityfocus.com/bid/25942 | Vdb Entry | |
http://www.securitytracker.com/id?1018783 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/36979 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/30642 | 2007-10-05 | |
https://www.exploit-db.com/exploits/30641 | 2007-10-05 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/27073 | 2017-07-29 | |
http://www.vupen.com/english/advisories/2007/3450 | 2017-07-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Afterlogic | Mailbee Webmail | * | lite_asp | Affected |
Afterlogic | Mailbee Webmail | * | lite_php | Affected |
Afterlogic | Mailbee Webmail | * | pro_asp | Affected |
Afterlogic | Mailbee Webmail | 3.1 | pro | Affected |
Afterlogic | Mailbee Webmail | 3.2 | pro | Affected |
Afterlogic | Mailbee Webmail | 3.3 | pro | Affected |
Afterlogic | Mailbee Webmail | 3.4 | pro | Affected |