CVE-2023-39223

2024-03-1800:32:44

jpcert

www.cve.org

cgis

stored cross-site scripting

pmailserver/pmailserver2

6.1 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Stored cross-site scripting vulnerability exists in CGIs included in A.K.I Software’s PMailServer/PMailServer2 products. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user’s web browser.

CNA Affected

[
  {
    "vendor": "A.K.I Software",
    "product": "pmc.exe",
    "versions": [
      {
        "version": "2.5.1.720 and earlier ",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "A.K.I Software",
    "product": "pmam.exe",
    "versions": [
      {
        "version": "2.5.1.1411 and earlier ",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "A.K.I Software",
    "product": "pmum.exe (Standard edition)",
    "versions": [
      {
        "version": "2.5.1.25451 and earlier ",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "A.K.I Software",
    "product": "pmum.exe (Pro edition)",
    "versions": [
      {
        "version": "2.5.1.25452 and earlier ",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "A.K.I Software",
    "product": "pmum.exe (Standard + IMAP4 edition)",
    "versions": [
      {
        "version": "2.5.1.25453 and earlier ",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "A.K.I Software",
    "product": "pmum.exe (Pro + IMAP4 edition / Enterprise edition)",
    "versions": [
      {
        "version": "2.5.1.25454 and earlier ",
        "status": "affected"
      }
    ]
  }
]

References

akisoftware.com/Vulnerability202301.html

jvn.jp/en/jp/JVN92720882/