CVE-2007-5290 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier; and possibly MailBee WebMail Pro ASP before 3.4.64, WebMail Lite ASP before 4.0.11, and WebMail Lite PHP before 4.0.22; allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to login.php and the (2) mode2 parameter to default.asp in an advanced_login mode.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Afterlogic	Mailbee Webmail

Configuration 1 [-]

OR	cpe:2.3:a:afterlogic:mailbee_webmail:::lite_asp:::::*
	cpe:2.3:a:afterlogic:mailbee_webmail:::lite_php:::::*
	cpe:2.3:a:afterlogic:mailbee_webmail:::pro_asp:::::*
	cpe:2.3:a:afterlogic:mailbee_webmail:3.1::pro:::::
	cpe:2.3:a:afterlogic:mailbee_webmail:3.2::pro:::::
	cpe:2.3:a:afterlogic:mailbee_webmail:3.3::pro:::::
	cpe:2.3:a:afterlogic:mailbee_webmail:3.4::pro:::::

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=119161078031690&w=2
http://osvdb.org/37649
http://osvdb.org/37650
http://secunia.com/advisories/27073
http://www.securityfocus.com/bid/25942
http://www.securitytracker.com/id?1018783
http://www.vupen.com/english/advisories/2007/3450
https://exchange.xforce.ibmcloud.com/vulnerabilities/36979

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-09T18:00:00

Updated: 2024-08-07T15:24:42.447Z

Reserved: 2007-10-09T00:00:00

Link: CVE-2007-5290

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-10-09T18:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-5290

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-10-05T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier; and possibly MailBee WebMail Pro ASP before 3.4.64, WebMail Lite ASP before 4.0.11, and WebMail Lite PHP before 4.0.22; allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to login.php and the (2) mode2 parameter to default.asp in an advanced_login mode."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2007-3450", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3450"}, {"name": "37649", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37649"}, {"name": "1018783", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018783"}, {"name": "37650", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/37650"}, {"name": "25942", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25942"}, {"name": "20071005 Reporting Vulnerable Public Web mail", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=119161078031690&w=2"}, {"name": "27073", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27073"}, {"name": "mailbee-login-default-xss(36979)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36979"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5290", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier; and possibly MailBee WebMail Pro ASP before 3.4.64, WebMail Lite ASP before 4.0.11, and WebMail Lite PHP before 4.0.22; allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to login.php and the (2) mode2 parameter to default.asp in an advanced_login mode."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2007-3450", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3450"}, {"name": "37649", "refsource": "OSVDB", "url": "http://osvdb.org/37649"}, {"name": "1018783", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018783"}, {"name": "37650", "refsource": "OSVDB", "url": "http://osvdb.org/37650"}, {"name": "25942", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25942"}, {"name": "20071005 Reporting Vulnerable Public Web mail", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=119161078031690&w=2"}, {"name": "27073", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27073"}, {"name": "mailbee-login-default-xss(36979)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36979"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:24:42.447Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2007-3450", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3450"}, {"name": "37649", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37649"}, {"name": "1018783", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1018783"}, {"name": "37650", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/37650"}, {"name": "25942", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25942"}, {"name": "20071005 Reporting Vulnerable Public Web mail", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=119161078031690&w=2"}, {"name": "27073", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27073"}, {"name": "mailbee-login-default-xss(36979)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36979"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5290", "datePublished": "2007-10-09T18:00:00", "dateReserved": "2007-10-09T00:00:00", "dateUpdated": "2024-08-07T15:24:42.447Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:afterlogic:mailbee_webmail:*:*:lite_asp:*:*:*:*:*", "matchCriteriaId": "3A8427BA-F674-448F-B85A-1274A2A83625", "vulnerable": true}, {"criteria": "cpe:2.3:a:afterlogic:mailbee_webmail:*:*:lite_php:*:*:*:*:*", "matchCriteriaId": "F293CBDB-9BB5-44B5-AF1E-8B88C93FD4E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:afterlogic:mailbee_webmail:*:*:pro_asp:*:*:*:*:*", "matchCriteriaId": "4A9D398F-8127-4424-892E-CB3E630D1A2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:afterlogic:mailbee_webmail:3.1:*:pro:*:*:*:*:*", "matchCriteriaId": "320A2B3F-65FD-40F4-9974-83E6B0277BF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:afterlogic:mailbee_webmail:3.2:*:pro:*:*:*:*:*", "matchCriteriaId": "0769007D-0A58-4260-A988-BCD8B672D21C", "vulnerable": true}, {"criteria": "cpe:2.3:a:afterlogic:mailbee_webmail:3.3:*:pro:*:*:*:*:*", "matchCriteriaId": "E59B1B2D-1FE3-4799-9D49-DDF35CA80616", "vulnerable": true}, {"criteria": "cpe:2.3:a:afterlogic:mailbee_webmail:3.4:*:pro:*:*:*:*:*", "matchCriteriaId": "A4ED969C-C4FE-4960-B811-7BCACA24C181", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier; and possibly MailBee WebMail Pro ASP before 3.4.64, WebMail Lite ASP before 4.0.11, and WebMail Lite PHP before 4.0.22; allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to login.php and the (2) mode2 parameter to default.asp in an advanced_login mode."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en MailBee WebMail Pro versi\u00f3n 3.4 y anteriores; y posiblemente MailBee WebMail Pro ASP versiones anteriores a 3.4.64, WebMail Lite ASP versiones anteriores a 4.0.11 y WebMail Lite PHP versiones anteriores a 4.0.22; permite a atacantes remotos inyectar script web o HTML arbitrario por medio del (1) par\u00e1metro mode en el archivo login.php y el (2) par\u00e1metro mode2 en el archivo default.asp en un modo advanced_login."}], "id": "CVE-2007-5290", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-10-09T18:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=119161078031690&w=2"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37649"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/37650"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27073"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25942"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018783"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/3450"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36979"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=119161078031690&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37649"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37650"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27073"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25942"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018783"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2007/3450"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36979"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}