Lucene search

[email protected]CVE-2008-2831

HistoryOct 02, 2008 - 6:18 p.m.

CVE-2008-2831

2008-10-0218:18:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-2831

xss

mailmarshal smtp

injection

web script

html

spam management

sqm

nvd

5.5 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

45.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the delegated spam management feature in the Spam Quarantine Management (SQM) component in MailMarshal SMTP 6.0.3.8 through 6.3.0.0 allow user-assisted remote authenticated users to inject arbitrary web script or HTML via (1) the list of blocked senders or (2) the list of safe senders.

CPENameOperatorVersion
mailmarshal:smtpmailmarshal smtpeq6.0.3.8
mailmarshal:smtpmailmarshal smtple6.3.0.0
mailmarshal:smtpmailmarshal smtpeq*
mailmarshal:e10000_appliancemailmarshal e10000 applianceeq*

CPE	Name	Operator	Version
mailmarshal:smtp	mailmarshal smtp	eq	6.0.3.8
mailmarshal:smtp	mailmarshal smtp	le	6.3.0.0
mailmarshal:smtp	mailmarshal smtp	eq	*
mailmarshal:e10000_appliance	mailmarshal e10000 appliance	eq	*

References

secunia.com/advisories/32062

www.dcsl.ul.ie/marshal.htm

www.marshal.com/kb/article.aspx?id=12175

www.securityfocus.com/bid/31483

exchange.xforce.ibmcloud.com/vulnerabilities/45509

exchange.xforce.ibmcloud.com/vulnerabilities/45511

5.5 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

45.0%

JSON

Related for CVE-2008-2831

nessus1 prion1 cvelist1