NASLDB: Dada Mail Archived Message XSS
General
ID: 19679
Name: Dada Mail Archived Message XSS
Summary: Checks Dada Mail version
Credits: –
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Temporal Vector: CVSS2#E:H/RL:OF/RC:C
Port: 80
Family: CGI abuses : XSS
Type: Remote
Description
The remote web server is running Dada Mail, a free, email list
management system written in Perl.
According to its banner, the version of this software installed on the
remote host does not properly validate user written content before
submitting that data to the archiving system. A malicious user could
embed arbitrary JavaScript in archived messages to later be executed
in a user’s browser within the context of the affected web site.
Exploiting
Exploit Available: True
Exploitability Ease: No exploit is required
Sources
CVE: CVE-2005-2595
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2005/08/16
Patch Release: –
Plugin Release: 2005/09/12
Plugin
Version: 1.16
Filename: dada_mail_xss.nasl
Filesize: 2957 bytes
MD5 Hash: 576e879c9a1b7b425a583dfc07d841d4
Identification: –
Require Keys: –
Dependencies: "http_version.nasl"
Copyright: Copyright© 2005-2012 Josh Zlatin-Amishav
- Latest Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack