CVE-2005-1120

NameCVE-2005-1120
DescriptionMultiple cross-site scripting (XSS) vulnerabilities in IlohaMail 0.8.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the e-mail (1) body, (2) filename, or (3) MIME type.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1010-1
NVD severitymedium (attack range: remote)
Debian Bugs304525

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ilohamail (PTS)wheezy, jessie0.8.14-0rc3sid6.2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ilohamailsource(unstable)0.8.14-0rc3sarge1medium304525
ilohamailsourcesarge0.8.14-0rc3sarge1mediumDSA-1010-1

Search for package or bug name: Reporting problems