CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-3429

Rockliffe MailSite Express before 6.1.22, with the option to save login information enabled, saves user passwords in plaintext in cookies, which allows local users to obtain passwords by reading the cookie file, or remote attackers to obtain the cookies via cross-site scripting (XSS) vulnerabilities.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 69.9%

CVSS Severity

CVSS v2 Score 4.3

References

http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.html
http://marc.info/?l=bugtraq&m=113053680631151&w=2
http://securitytracker.com/id?1015117
http://www.osvdb.org/22682
http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/22906
http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.html
http://marc.info/?l=bugtraq&m=113053680631151&w=2
http://securitytracker.com/id?1015117
http://www.osvdb.org/22682
http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/22906

Products affected by CVE-2005-3429

Rockliffe » Mailsite Express » Version: Any

cpe:2.3:a:rockliffe:mailsite_express:*
Rockliffe » Mailsite Express » Version: 6.1.20

cpe:2.3:a:rockliffe:mailsite_express:6.1.20

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-3429

Products

Pricing

Contact Us