CVE-2014-2325

Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway before 3.1-5829 allow remote attackers to inject arbitrary web script or HTML via the (1) state parameter to objects/who/index.htm or (2) User email address to quarantine/spam/manage.htm.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
proxmoxmail_gateway
𝑥
≤ 3.1-5741
proxmoxmail_gateway
3.0
proxmoxmail_gateway
3.1
proxmoxmail_gateway
3.1-5670
proxmoxmail_gateway
3.1-5673
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://proxmox.com/news/archive/view/listid-1-proxmox-newsletter/mailid-48-proxmox-newsletter-march-2014-proxmox-ve-3-2-released/tmpl-component
http://seclists.org/fulldisclosure/2014/Mar/110
http://www.securityfocus.com/bid/66169
http://proxmox.com/news/archive/view/listid-1-proxmox-newsletter/mailid-48-proxmox-newsletter-march-2014-proxmox-ve-3-2-released/tmpl-component
http://seclists.org/fulldisclosure/2014/Mar/110
http://www.securityfocus.com/bid/66169