Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.
2011-01-07T23:00:02.250
2025-04-11T00:51:21.963
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | netwin | surgemail | ≤ 4.2d4-4 | Yes |
| Application | netwin | surgemail | 1.0c | Yes |
| Application | netwin | surgemail | 1.0d | Yes |
| Application | netwin | surgemail | 1.1a | Yes |
| Application | netwin | surgemail | 1.1b | Yes |
| Application | netwin | surgemail | 1.1c | Yes |
| Application | netwin | surgemail | 1.1d | Yes |
| Application | netwin | surgemail | 1.2a | Yes |
| Application | netwin | surgemail | 1.2b | Yes |
| Application | netwin | surgemail | 1.2c | Yes |
| Application | netwin | surgemail | 1.3a | Yes |
| Application | netwin | surgemail | 1.3a_rc1 | Yes |
| Application | netwin | surgemail | 1.3b | Yes |
| Application | netwin | surgemail | 1.3c | Yes |
| Application | netwin | surgemail | 1.3d | Yes |
| Application | netwin | surgemail | 1.3e | Yes |
| Application | netwin | surgemail | 1.3f | Yes |
| Application | netwin | surgemail | 1.3g | Yes |
| Application | netwin | surgemail | 1.3h | Yes |
| Application | netwin | surgemail | 1.3i | Yes |
| Application | netwin | surgemail | 1.3j | Yes |
| Application | netwin | surgemail | 1.3k | Yes |
| Application | netwin | surgemail | 1.3l | Yes |
| Application | netwin | surgemail | 1.4a | Yes |
| Application | netwin | surgemail | 1.4b | Yes |
| Application | netwin | surgemail | 1.4c | Yes |
| Application | netwin | surgemail | 1.5a | Yes |
| Application | netwin | surgemail | 1.5b | Yes |
| Application | netwin | surgemail | 1.5c | Yes |
| Application | netwin | surgemail | 1.5d | Yes |
| Application | netwin | surgemail | 1.5d2 | Yes |
| Application | netwin | surgemail | 1.5f | Yes |
| Application | netwin | surgemail | 1.6a | Yes |
| Application | netwin | surgemail | 1.6b | Yes |
| Application | netwin | surgemail | 1.6d | Yes |
| Application | netwin | surgemail | 1.6e | Yes |
| Application | netwin | surgemail | 1.6e2 | Yes |
| Application | netwin | surgemail | 1.7a | Yes |
| Application | netwin | surgemail | 1.7b3 | Yes |
| Application | netwin | surgemail | 1.8a | Yes |
| Application | netwin | surgemail | 1.8b3 | Yes |
| Application | netwin | surgemail | 1.8d | Yes |
| Application | netwin | surgemail | 1.8e | Yes |
| Application | netwin | surgemail | 1.8f | Yes |
| Application | netwin | surgemail | 1.8g3 | Yes |
| Application | netwin | surgemail | 1.9 | Yes |
| Application | netwin | surgemail | 1.9b2 | Yes |
| Application | netwin | surgemail | 2.0a2 | Yes |
| Application | netwin | surgemail | 2.0c | Yes |
| Application | netwin | surgemail | 2.0e | Yes |
| Application | netwin | surgemail | 2.0g2 | Yes |
| Application | netwin | surgemail | 2.1a | Yes |
| Application | netwin | surgemail | 2.1c7 | Yes |
| Application | netwin | surgemail | 2.2a6 | Yes |
| Application | netwin | surgemail | 2.2c9 | Yes |
| Application | netwin | surgemail | 2.2c10 | Yes |
| Application | netwin | surgemail | 2.2g2 | Yes |
| Application | netwin | surgemail | 2.2g3 | Yes |
| Application | netwin | surgemail | 3.0a | Yes |
| Application | netwin | surgemail | 3.0c2 | Yes |
| Application | netwin | surgemail | 3.1s | Yes |
| Application | netwin | surgemail | 3.2e | Yes |
| Application | netwin | surgemail | 3.5a | Yes |
| Application | netwin | surgemail | 3.5b3 | Yes |
| Application | netwin | surgemail | 3.6d | Yes |
| Application | netwin | surgemail | 3.6f3 | Yes |
| Application | netwin | surgemail | 3.6f5 | Yes |
| Application | netwin | surgemail | 3.6f7 | Yes |
| Application | netwin | surgemail | 3.7b | Yes |
| Application | netwin | surgemail | 3.7b3 | Yes |
| Application | netwin | surgemail | 3.7b5 | Yes |
| Application | netwin | surgemail | 3.7b6 | Yes |
| Application | netwin | surgemail | 3.7b7 | Yes |
| Application | netwin | surgemail | 3.7b8 | Yes |
| Application | netwin | surgemail | 3.8a | Yes |
| Application | netwin | surgemail | 3.8b | Yes |
| Application | netwin | surgemail | 3.8d | Yes |
| Application | netwin | surgemail | 3.8f | Yes |
| Application | netwin | surgemail | 3.8f2 | Yes |
| Application | netwin | surgemail | 3.8f3 | Yes |
| Application | netwin | surgemail | 3.8i | Yes |
| Application | netwin | surgemail | 3.8i2 | Yes |
| Application | netwin | surgemail | 3.8i3 | Yes |
| Application | netwin | surgemail | 3.8k | Yes |
| Application | netwin | surgemail | 3.8k2 | Yes |
| Application | netwin | surgemail | 3.8k3 | Yes |
| Application | netwin | surgemail | 3.8k4 | Yes |
| Application | netwin | surgemail | 3.8m | Yes |
| Application | netwin | surgemail | 3.8o | Yes |
| Application | netwin | surgemail | 3.8q | Yes |
| Application | netwin | surgemail | 3.8s | Yes |
| Application | netwin | surgemail | 3.8u | Yes |
| Application | netwin | surgemail | 3.9a | Yes |
| Application | netwin | surgemail | 3.9c | Yes |
| Application | netwin | surgemail | 3.9e | Yes |
| Application | netwin | surgemail | 3.9g | Yes |
| Application | netwin | surgemail | 3.9g2 | Yes |
| Application | netwin | surgemail | 4.0a | Yes |
| Application | netwin | surgemail | 4.0k | Yes |
| Application | netwin | surgemail | 4.0u3 | Yes |
| Application | netwin | surgemail | 4.0u4 | Yes |
| Application | netwin | surgemail | 4.0v-8 | Yes |
| Application | netwin | surgemail | 4.2a2-2 | Yes |
| Application | netwin | surgemail | 4.2a2-3 | Yes |
| Application | netwin | surgemail | 4.2a3-3 | Yes |
| Application | netwin | surgemail | 4.2d-1 | Yes |
| Application | netwin | surgemail | 4.2d2-2 | Yes |
| Application | netwin | surgemail | 4.2d3-3 | Yes |
| Application | netwin | surgemail | beta_3.9a | Yes |