CVE-2010-3201
Summary
| CVE | CVE-2010-3201 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2011-01-07 23:00:00 UTC |
| Updated | 2018-10-10 20:01:00 UTC |
| Description | Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Netwin | Surgemail | 1.0c | All | All | All |
| Application | Netwin | Surgemail | 1.0d | All | All | All |
| Application | Netwin | Surgemail | 1.1a | All | All | All |
| Application | Netwin | Surgemail | 1.1b | All | All | All |
| Application | Netwin | Surgemail | 1.1c | All | All | All |
| Application | Netwin | Surgemail | 1.1d | All | All | All |
| Application | Netwin | Surgemail | 1.2a | All | All | All |
| Application | Netwin | Surgemail | 1.2b | All | All | All |
| Application | Netwin | Surgemail | 1.2c | All | All | All |
| Application | Netwin | Surgemail | 1.3a | All | All | All |
| Application | Netwin | Surgemail | 1.3a_rc1 | All | All | All |
| Application | Netwin | Surgemail | 1.3b | All | All | All |
| Application | Netwin | Surgemail | 1.3c | All | All | All |
| Application | Netwin | Surgemail | 1.3d | All | All | All |
| Application | Netwin | Surgemail | 1.3e | All | All | All |
| Application | Netwin | Surgemail | 1.3f | All | All | All |
| Application | Netwin | Surgemail | 1.3g | All | All | All |
| Application | Netwin | Surgemail | 1.3h | All | All | All |
| Application | Netwin | Surgemail | 1.3i | All | All | All |
| Application | Netwin | Surgemail | 1.3j | All | All | All |
| Application | Netwin | Surgemail | 1.3k | All | All | All |
| Application | Netwin | Surgemail | 1.3l | All | All | All |
| Application | Netwin | Surgemail | 1.4a | All | All | All |
| Application | Netwin | Surgemail | 1.4b | All | All | All |
| Application | Netwin | Surgemail | 1.4c | All | All | All |
| Application | Netwin | Surgemail | 1.5a | All | All | All |
| Application | Netwin | Surgemail | 1.5b | All | All | All |
| Application | Netwin | Surgemail | 1.5c | All | All | All |
| Application | Netwin | Surgemail | 1.5d | All | All | All |
| Application | Netwin | Surgemail | 1.5d2 | All | All | All |
| Application | Netwin | Surgemail | 1.5f | All | All | All |
| Application | Netwin | Surgemail | 1.6a | All | All | All |
| Application | Netwin | Surgemail | 1.6b | All | All | All |
| Application | Netwin | Surgemail | 1.6d | All | All | All |
| Application | Netwin | Surgemail | 1.6e | All | All | All |
| Application | Netwin | Surgemail | 1.6e2 | All | All | All |
| Application | Netwin | Surgemail | 1.7a | All | All | All |
| Application | Netwin | Surgemail | 1.7b3 | All | All | All |
| Application | Netwin | Surgemail | 1.8a | All | All | All |
| Application | Netwin | Surgemail | 1.8b3 | All | All | All |
| Application | Netwin | Surgemail | 1.8d | All | All | All |
| Application | Netwin | Surgemail | 1.8e | All | All | All |
| Application | Netwin | Surgemail | 1.8f | All | All | All |
| Application | Netwin | Surgemail | 1.8g3 | All | All | All |
| Application | Netwin | Surgemail | 1.9 | All | All | All |
| Application | Netwin | Surgemail | 1.9b2 | All | All | All |
| Application | Netwin | Surgemail | 2.0a2 | All | All | All |
| Application | Netwin | Surgemail | 2.0c | All | All | All |
| Application | Netwin | Surgemail | 2.0e | All | All | All |
| Application | Netwin | Surgemail | 2.0g2 | All | All | All |
| Application | Netwin | Surgemail | 2.1a | All | All | All |
| Application | Netwin | Surgemail | 2.1c7 | All | All | All |
| Application | Netwin | Surgemail | 2.2a6 | All | All | All |
| Application | Netwin | Surgemail | 2.2c10 | All | All | All |
| Application | Netwin | Surgemail | 2.2c9 | All | All | All |
| Application | Netwin | Surgemail | 2.2g2 | All | All | All |
| Application | Netwin | Surgemail | 2.2g3 | All | All | All |
| Application | Netwin | Surgemail | 3.0a | All | All | All |
| Application | Netwin | Surgemail | 3.0c2 | All | All | All |
| Application | Netwin | Surgemail | 3.1s | All | All | All |
| Application | Netwin | Surgemail | 3.2e | All | All | All |
| Application | Netwin | Surgemail | 3.5a | All | All | All |
| Application | Netwin | Surgemail | 3.5b3 | All | All | All |
| Application | Netwin | Surgemail | 3.6d | All | All | All |
| Application | Netwin | Surgemail | 3.6f3 | All | All | All |
| Application | Netwin | Surgemail | 3.6f5 | All | All | All |
| Application | Netwin | Surgemail | 3.6f7 | All | All | All |
| Application | Netwin | Surgemail | 3.7b | All | All | All |
| Application | Netwin | Surgemail | 3.7b3 | All | All | All |
| Application | Netwin | Surgemail | 3.7b5 | All | All | All |
| Application | Netwin | Surgemail | 3.7b6 | All | All | All |
| Application | Netwin | Surgemail | 3.7b7 | All | All | All |
| Application | Netwin | Surgemail | 3.7b8 | All | All | All |
| Application | Netwin | Surgemail | 3.8a | All | All | All |
| Application | Netwin | Surgemail | 3.8b | All | All | All |
| Application | Netwin | Surgemail | 3.8d | All | All | All |
| Application | Netwin | Surgemail | 3.8f | All | All | All |
| Application | Netwin | Surgemail | 3.8f2 | All | All | All |
| Application | Netwin | Surgemail | 3.8f3 | All | All | All |
| Application | Netwin | Surgemail | 3.8i | All | All | All |
| Application | Netwin | Surgemail | 3.8i2 | All | All | All |
| Application | Netwin | Surgemail | 3.8i3 | All | All | All |
| Application | Netwin | Surgemail | 3.8k | All | All | All |
| Application | Netwin | Surgemail | 3.8k2 | All | All | All |
| Application | Netwin | Surgemail | 3.8k3 | All | All | All |
| Application | Netwin | Surgemail | 3.8k4 | All | All | All |
| Application | Netwin | Surgemail | 3.8m | All | All | All |
| Application | Netwin | Surgemail | 3.8o | All | All | All |
| Application | Netwin | Surgemail | 3.8q | All | All | All |
| Application | Netwin | Surgemail | 3.8s | All | All | All |
| Application | Netwin | Surgemail | 3.8u | All | All | All |
| Application | Netwin | Surgemail | 3.9a | All | All | All |
| Application | Netwin | Surgemail | 3.9c | All | All | All |
| Application | Netwin | Surgemail | 3.9e | All | All | All |
| Application | Netwin | Surgemail | 3.9g | All | All | All |
| Application | Netwin | Surgemail | 3.9g2 | All | All | All |
| Application | Netwin | Surgemail | 4.0a | All | All | All |
| Application | Netwin | Surgemail | 4.0k | All | All | All |
| Application | Netwin | Surgemail | 4.0u3 | All | All | All |
| Application | Netwin | Surgemail | 4.0u4 | All | All | All |
| Application | Netwin | Surgemail | 4.0v-8 | All | All | All |
| Application | Netwin | Surgemail | 4.2a2-2 | All | All | All |
| Application | Netwin | Surgemail | 4.2a2-3 | All | All | All |
| Application | Netwin | Surgemail | 4.2a3-3 | All | All | All |
| Application | Netwin | Surgemail | 4.2d-1 | All | All | All |
| Application | Netwin | Surgemail | 4.2d2-2 | All | All | All |
| Application | Netwin | Surgemail | 4.2d3-3 | All | All | All |
| Application | Netwin | Surgemail | beta_3.9a | All | All | All |
| Application | Netwin | Surgemail | 1.0c | All | All | All |
| Application | Netwin | Surgemail | 1.0d | All | All | All |
| Application | Netwin | Surgemail | 1.1a | All | All | All |
| Application | Netwin | Surgemail | 1.1b | All | All | All |
| Application | Netwin | Surgemail | 1.1c | All | All | All |
| Application | Netwin | Surgemail | 1.1d | All | All | All |
| Application | Netwin | Surgemail | 1.2a | All | All | All |
| Application | Netwin | Surgemail | 1.2b | All | All | All |
| Application | Netwin | Surgemail | 1.2c | All | All | All |
| Application | Netwin | Surgemail | 1.3a | All | All | All |
| Application | Netwin | Surgemail | 1.3a_rc1 | All | All | All |
| Application | Netwin | Surgemail | 1.3b | All | All | All |
| Application | Netwin | Surgemail | 1.3c | All | All | All |
| Application | Netwin | Surgemail | 1.3d | All | All | All |
| Application | Netwin | Surgemail | 1.3e | All | All | All |
| Application | Netwin | Surgemail | 1.3f | All | All | All |
| Application | Netwin | Surgemail | 1.3g | All | All | All |
| Application | Netwin | Surgemail | 1.3h | All | All | All |
| Application | Netwin | Surgemail | 1.3i | All | All | All |
| Application | Netwin | Surgemail | 1.3j | All | All | All |
| Application | Netwin | Surgemail | 1.3k | All | All | All |
| Application | Netwin | Surgemail | 1.3l | All | All | All |
| Application | Netwin | Surgemail | 1.4a | All | All | All |
| Application | Netwin | Surgemail | 1.4b | All | All | All |
| Application | Netwin | Surgemail | 1.4c | All | All | All |
| Application | Netwin | Surgemail | 1.5a | All | All | All |
| Application | Netwin | Surgemail | 1.5b | All | All | All |
| Application | Netwin | Surgemail | 1.5c | All | All | All |
| Application | Netwin | Surgemail | 1.5d | All | All | All |
| Application | Netwin | Surgemail | 1.5d2 | All | All | All |
| Application | Netwin | Surgemail | 1.5f | All | All | All |
| Application | Netwin | Surgemail | 1.6a | All | All | All |
| Application | Netwin | Surgemail | 1.6b | All | All | All |
| Application | Netwin | Surgemail | 1.6d | All | All | All |
| Application | Netwin | Surgemail | 1.6e | All | All | All |
| Application | Netwin | Surgemail | 1.6e2 | All | All | All |
| Application | Netwin | Surgemail | 1.7a | All | All | All |
| Application | Netwin | Surgemail | 1.7b3 | All | All | All |
| Application | Netwin | Surgemail | 1.8a | All | All | All |
| Application | Netwin | Surgemail | 1.8b3 | All | All | All |
| Application | Netwin | Surgemail | 1.8d | All | All | All |
| Application | Netwin | Surgemail | 1.8e | All | All | All |
| Application | Netwin | Surgemail | 1.8f | All | All | All |
| Application | Netwin | Surgemail | 1.8g3 | All | All | All |
| Application | Netwin | Surgemail | 1.9 | All | All | All |
| Application | Netwin | Surgemail | 1.9b2 | All | All | All |
| Application | Netwin | Surgemail | 2.0a2 | All | All | All |
| Application | Netwin | Surgemail | 2.0c | All | All | All |
| Application | Netwin | Surgemail | 2.0e | All | All | All |
| Application | Netwin | Surgemail | 2.0g2 | All | All | All |
| Application | Netwin | Surgemail | 2.1a | All | All | All |
| Application | Netwin | Surgemail | 2.1c7 | All | All | All |
| Application | Netwin | Surgemail | 2.2a6 | All | All | All |
| Application | Netwin | Surgemail | 2.2c10 | All | All | All |
| Application | Netwin | Surgemail | 2.2c9 | All | All | All |
| Application | Netwin | Surgemail | 2.2g2 | All | All | All |
| Application | Netwin | Surgemail | 2.2g3 | All | All | All |
| Application | Netwin | Surgemail | 3.0a | All | All | All |
| Application | Netwin | Surgemail | 3.0c2 | All | All | All |
| Application | Netwin | Surgemail | 3.1s | All | All | All |
| Application | Netwin | Surgemail | 3.2e | All | All | All |
| Application | Netwin | Surgemail | 3.5a | All | All | All |
| Application | Netwin | Surgemail | 3.5b3 | All | All | All |
| Application | Netwin | Surgemail | 3.6d | All | All | All |
| Application | Netwin | Surgemail | 3.6f3 | All | All | All |
| Application | Netwin | Surgemail | 3.6f5 | All | All | All |
| Application | Netwin | Surgemail | 3.6f7 | All | All | All |
| Application | Netwin | Surgemail | 3.7b | All | All | All |
| Application | Netwin | Surgemail | 3.7b3 | All | All | All |
| Application | Netwin | Surgemail | 3.7b5 | All | All | All |
| Application | Netwin | Surgemail | 3.7b6 | All | All | All |
| Application | Netwin | Surgemail | 3.7b7 | All | All | All |
| Application | Netwin | Surgemail | 3.7b8 | All | All | All |
| Application | Netwin | Surgemail | 3.8a | All | All | All |
| Application | Netwin | Surgemail | 3.8b | All | All | All |
| Application | Netwin | Surgemail | 3.8d | All | All | All |
| Application | Netwin | Surgemail | 3.8f | All | All | All |
| Application | Netwin | Surgemail | 3.8f2 | All | All | All |
| Application | Netwin | Surgemail | 3.8f3 | All | All | All |
| Application | Netwin | Surgemail | 3.8i | All | All | All |
| Application | Netwin | Surgemail | 3.8i2 | All | All | All |
| Application | Netwin | Surgemail | 3.8i3 | All | All | All |
| Application | Netwin | Surgemail | 3.8k | All | All | All |
| Application | Netwin | Surgemail | 3.8k2 | All | All | All |
| Application | Netwin | Surgemail | 3.8k3 | All | All | All |
| Application | Netwin | Surgemail | 3.8k4 | All | All | All |
| Application | Netwin | Surgemail | 3.8m | All | All | All |
| Application | Netwin | Surgemail | 3.8o | All | All | All |
| Application | Netwin | Surgemail | 3.8q | All | All | All |
| Application | Netwin | Surgemail | 3.8s | All | All | All |
| Application | Netwin | Surgemail | 3.8u | All | All | All |
| Application | Netwin | Surgemail | 3.9a | All | All | All |
| Application | Netwin | Surgemail | 3.9c | All | All | All |
| Application | Netwin | Surgemail | 3.9e | All | All | All |
| Application | Netwin | Surgemail | 3.9g | All | All | All |
| Application | Netwin | Surgemail | 3.9g2 | All | All | All |
| Application | Netwin | Surgemail | 4.0a | All | All | All |
| Application | Netwin | Surgemail | 4.0k | All | All | All |
| Application | Netwin | Surgemail | 4.0u3 | All | All | All |
| Application | Netwin | Surgemail | 4.0u4 | All | All | All |
| Application | Netwin | Surgemail | 4.0v-8 | All | All | All |
| Application | Netwin | Surgemail | 4.2a2-2 | All | All | All |
| Application | Netwin | Surgemail | 4.2a2-3 | All | All | All |
| Application | Netwin | Surgemail | 4.2a3-3 | All | All | All |
| Application | Netwin | Surgemail | 4.2d-1 | All | All | All |
| Application | Netwin | Surgemail | 4.2d2-2 | All | All | All |
| Application | Netwin | Surgemail | 4.2d3-3 | All | All | All |
| Application | Netwin | Surgemail | beta_3.9a | All | All | All |
| Application | Netwin | Surgemail | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SurgeMail SurgeWeb Cross Site Scripting Vulnerability | BID | www.securityfocus.com | Exploit |
| SurgeMail SurgeWeb "username_ex" Cross-Site Scripting Vulnerability - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Surgemail SurgeWeb 4.3e - Cross-Site Scripting - PHP webapps Exploit | EXPLOIT-DB | www.exploit-db.com | |
| 0×06 – NetWin Surgemail XSS « ICTSEC | MISC | ictsec.se | Exploit |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.