CVE-2006-3564

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-3564
Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the email, (2) cond, or (3) name parameters to (a) addressbook.view.php, (4) the daysprune parameter to (b) index.php, (5) the data[to] parameter to (c) compose.email.php, and (6) the markas parameter to (d) read.markas.php.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://pridels0.blogspot.com/2006/07/hivemail-vuln.html
http://secunia.com/advisories/20993 Vendor Advisory
http://securitytracker.com/id?1016531
http://www.osvdb.org/27100
http://www.osvdb.org/27101
http://www.osvdb.org/27102
http://www.osvdb.org/27103
http://www.securityfocus.com/bid/18949
http://www.vupen.com/english/advisories/2006/2763
https://exchange.xforce.ibmcloud.com/vulnerabilities/27695
http://pridels0.blogspot.com/2006/07/hivemail-vuln.html
http://secunia.com/advisories/20993 Vendor Advisory
http://securitytracker.com/id?1016531
http://www.osvdb.org/27100
http://www.osvdb.org/27101
http://www.osvdb.org/27102
http://www.osvdb.org/27103
http://www.securityfocus.com/bid/18949
http://www.vupen.com/english/advisories/2006/2763
https://exchange.xforce.ibmcloud.com/vulnerabilities/27695
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hivemail:hivemail:1.2:*:*:*:*:*:*:*
cpe:2.3:a:hivemail:hivemail:1.3:*:*:*:*:*:*:*
History

21 Nov 2024, 00:13

Type Values Removed Values Added
References () http://pridels0.blogspot.com/2006/07/hivemail-vuln.html - () http://pridels0.blogspot.com/2006/07/hivemail-vuln.html -
References () http://secunia.com/advisories/20993 - Vendor Advisory () http://secunia.com/advisories/20993 - Vendor Advisory
References () http://securitytracker.com/id?1016531 - () http://securitytracker.com/id?1016531 -
References () http://www.osvdb.org/27100 - () http://www.osvdb.org/27100 -
References () http://www.osvdb.org/27101 - () http://www.osvdb.org/27101 -
References () http://www.osvdb.org/27102 - () http://www.osvdb.org/27102 -
References () http://www.osvdb.org/27103 - () http://www.osvdb.org/27103 -
References () http://www.securityfocus.com/bid/18949 - () http://www.securityfocus.com/bid/18949 -
References () http://www.vupen.com/english/advisories/2006/2763 - () http://www.vupen.com/english/advisories/2006/2763 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/27695 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/27695 -
Information

Published : 2006-07-13 01:05

Updated : 2025-04-03 01:03

NVD link : CVE-2006-3564

Mitre link : CVE-2006-3564

CVE.ORG link : CVE-2006-3564

JSON object : View

Products Affected

hivemail

  • hivemail
CWE
NVD-CWE-Other