Cross site scripting

2014-03-1414:55:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway before 3.1-5829 allow remote attackers to inject arbitrary web script or HTML via the (1) state parameter to objects/who/index.htm or (2) User email address to quarantine/spam/manage.htm.

CPENameOperatorVersion
mail_gatewayeq3.1.5670
mail_gatewayeq<= 3.1-5741
mail_gatewayeq3.1.5673
mail_gatewayeq3.0
mail_gatewayeq3.1

Name	Operator	Version
mail_gateway	eq	3.1.5670
mail_gateway	eq	<= 3.1-5741
mail_gateway	eq	3.1.5673
mail_gateway	eq	3.0
mail_gateway	eq	3.1

References

proxmox.com/news/archive/view/listid-1-proxmox-newsletter/mailid-48-proxmox-newsletter-march-2014-proxmox-ve-3-2-released/tmpl-component

seclists.org/fulldisclosure/2014/Mar/110

www.securityfocus.com/bid/66169