CVE-2004-1100

{"id": "CVE-2004-1100", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2005-01-10T05:00:00.000", "references": [{"url": "http://www.kb.cert.org/vuls/id/107998", "tags": ["US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.procheckup.com/security_info/vuln_pr0410.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/11596", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17953", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to execute arbitrary web script or HTML via the append parameter."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en mailpost.exe de MailPost 5.1.1sv y posiblemente versiones anteriores, cuando el modo de depuraci\u00f3n est\u00e1 activado, permite a atacantes remotos ejecutar script web o HTML mediante el par\u00e1metro append."}], "lastModified": "2017-07-11T01:30:44.480", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tips:mailpost:5.1.1sv:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "748001EF-B2A9-4E2E-80D9-235310723A93"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "Successful exploitation requires that debug mode is enabled."}