CVE-2005-3128
CVE-2005-3128
Vexday Risk Score
60Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 3.4%KEV nãoPoC públicaNuclei simMetasploit —Patch referenciado
Lifecycle
29 Sep 2005Public PoC
04 Oct 2005Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/26305unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://docs.info.apple.com/article.html?artnum=306172http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.htmlhttp://marc.info/?l=bugtraq&m=112801672520766&w=2http://moritz-naumann.com/adv/0002/sqmadd/0002.txthttp://secunia.com/advisories/16987/http://secunia.com/advisories/26235http://securitytracker.com/id?1014988https://exchange.xforce.ibmcloud.com/vulnerabilities/22453http://squirrelmail.org/plugin_view.php?id=101http://www.mandriva.com/security/advisories?name=MDKSA-2005:178http://www.securityfocus.com/bid/14973http://www.securityfocus.com/bid/25159