602Pro LAN SUITE index.html cross-site scripting

602pro-index-xss (15351) The risk level is classified as MediumMedium Risk

Description:

602Pro LAN SUITE is vulnerable to cross-site scripting. A remote attacker could embed malicious code in a specially-crafted URL request to the index.html script, which would be executed in the victim's Web browser within the security context of the hosting site, once the link is clicked.

Note: The vendor reports that this is not an actual vulnerability.


Consequences:

Gain Access

Remedy:

No remedy available as of September 1, 2014.

References:

  • BugTraq Mailing List, Sat Feb 28 2004 - 07:12:19 CST: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities.
  • BugTraq Mailing List, Wed Mar 10 2004 - 13:05:50 CST: Re: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities.
  • BID-9777: Software602 602Pro LAN Suite Web Mail Cross-Site Scripting Vulnerability
  • CVE-2004-0337: Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script. NOTE: the vendor states that this bug could not be reproduced, so this issue may be REJECTed in the future.

Platforms Affected:

  • Software602 602Pro LAN SUITE

Reported:

Feb 28, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page