CVE-2006-0894

EPSS 2.6%

Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the html_error_occurred parameter in error.php, (2) html_filter_select parameter in filter_prefs.php, (3) html_no_mail parameter in no_mail.php, the (4) page_line, (5) prev, and (6) next parameters in html_bottom_table.php, and the (7) _SESSION['nocc_theme'] parameter in footer.php.

Affected products

n/a · n/a

public PoCs found — 4

exploitdbwww.exploit-db.com/exploits/27302unverified exploitdbwww.exploit-db.com/exploits/27299unverified exploitdbwww.exploit-db.com/exploits/27300unverified exploitdbwww.exploit-db.com/exploits/27301unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://archives.neohapsis.com/archives/bugtraq/2006-02/0418.html http://retrogod.altervista.org/noccw_10_incl_xpl.html http://secunia.com/advisories/16921 http://securitytracker.com/id?1015671 http://www.osvdb.org/23423 http://www.osvdb.org/23424 http://www.osvdb.org/23425 http://www.osvdb.org/23426 http://www.osvdb.org/23427 http://www.securityfocus.com/bid/16793