Netwin: >> Surgemail >> 1.8f Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.
CVSS Score
4.3
EPSS Score
0.021
Published
2011-01-07
Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."
CVSS Score
10.0
EPSS Score
0.005
Published
2004-12-31
Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547).
CVSS Score
4.3
EPSS Score
0.113
Published
2004-12-31