Vulnerability Details CVE-2009-4743
Multiple cross-site scripting (XSS) vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) HistoryStorageObjectName and (2) HistoryKey parameters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 73.7%
CVSS Severity
CVSS v2 Score 4.3
References
- http://osvdb.org/58712
- http://secunia.com/advisories/36964
- http://www.gardienvirtuel.com/fichiers/documents/publications/GVI_2009-01_EN.txt
- http://www.securityfocus.com/bid/36605
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53672
- http://osvdb.org/58712
- http://secunia.com/advisories/36964
- http://www.gardienvirtuel.com/fichiers/documents/publications/GVI_2009-01_EN.txt
- http://www.securityfocus.com/bid/36605
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53672
Products affected by CVE-2009-4743
-
cpe:2.3:a:afterlogic:webmail_pro:-
-
cpe:2.3:a:afterlogic:webmail_pro:4.5