CVE-2005-4209

Published: Dec 13, 2005Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via script tags in the Subject header of an e-mail message, which prevents the user from being able to access the Inbox folder, possibly due to a cross-site scripting (XSS) vulnerability.

Affected (2)

Products: Alt N: Mdaemon, Worldclient

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Alt N Mdaemon	Version 8.1.3
Alt N Worldclient	Version 8.1.3

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (8)

http://secunia.com/advisories/17990

Source: cve@mitre.org

ExploitVendor Advisory

http://www.ipomonis.com/advisories/mdaemon.zip

Source: cve@mitre.org

http://www.securityfocus.com/bid/15815

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/23551

Source: cve@mitre.org

http://secunia.com/advisories/17990

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://www.ipomonis.com/advisories/mdaemon.zip

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/15815

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/23551

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.