製品・ソフトウェアに関する情報

JVN脆弱性詳細

AfterLogic MailBee WebMail Pro の check_login.asp におけるクロスサイトスクリプティングの脆弱性

Title	AfterLogic MailBee WebMail Pro の check_login.asp におけるクロスサイトスクリプティングの脆弱性
Summary	AfterLogic MailBee WebMail Pro の check_login.asp には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	第三者により、username パラメータを介して、任意の Web スクリプトまたは HTML を挿入される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	April 17, 2007, midnight
Registration Date	June 26, 2012, 3:46 p.m.
Last Update	June 26, 2012, 3:46 p.m.

Affected System

AfterLogic

MailBee WebMail Pro 3.4

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-2061	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2061
National Vulnerability Database (NVD)
2	CVE-2007-2061	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-2061

ベンダー情報

No	Name	URL
AfterLogic
1	Top Page	http://www.afterlogic.com/

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-2061

Summary	Cross-site scripting (XSS) vulnerability in check_login.asp in AfterLogic MailBee WebMail Pro 3.4 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
Summary	Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en check_login.asp de AfterLogic MailBee WebMail Pro 3.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro username.
Publication Date	April 18, 2007, 12:19 p.m.
Registration Date	Jan. 29, 2021, 2:10 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:afterlogic:mailbee_webmail:3.4::pro:::::

Related information, measures and tools

No	URL	refsource
1	http://osvdb.org/34974	cve@mitre.org
2	http://secunia.com/advisories/24882	cve@mitre.org
3	http://securityreason.com/securityalert/2572	cve@mitre.org
4	http://www.majorsecurity.de/index_2.php?major_rls=major_rls44	cve@mitre.org
5	http://www.securityfocus.com/archive/1/465611/100/0/threaded	cve@mitre.org
6	http://www.securityfocus.com/bid/23481	cve@mitre.org
7	http://www.vupen.com/english/advisories/2007/1416	cve@mitre.org
8	https://exchange.xforce.ibmcloud.com/vulnerabilities/33645	cve@mitre.org
9	http://osvdb.org/34974	af854a3a-2127-422b-91ae-364da2661108
10	http://secunia.com/advisories/24882	af854a3a-2127-422b-91ae-364da2661108
11	http://securityreason.com/securityalert/2572	af854a3a-2127-422b-91ae-364da2661108
12	http://www.majorsecurity.de/index_2.php?major_rls=major_rls44	af854a3a-2127-422b-91ae-364da2661108
13	http://www.securityfocus.com/archive/1/465611/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
14	http://www.securityfocus.com/bid/23481	af854a3a-2127-422b-91ae-364da2661108
15	http://www.vupen.com/english/advisories/2007/1416	af854a3a-2127-422b-91ae-364da2661108
16	https://exchange.xforce.ibmcloud.com/vulnerabilities/33645	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List