An exposure of sensitive information vulnerability exists in Jenkins Email Extension Plugin 2.61 and older in src/main/resources/hudson/plugins/emailext/ExtendedEmailPublisher/global.groovy and ExtendedEmailPublisherDescriptor.java that allows attackers with control of a Jenkins administrator's...
6.5CVSS
6.2AI Score
0.001EPSS
admin/functions/remote.php in Interspire Email Marketer through 6.1.6 has Server Side Request Forgery (SSRF) via a what=importurl&url= request with an http or https URL. This also allows reading local files with a file:...
6.5CVSS
6.4AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in EmailArchitect Email Server 6.1 allows remote attackers to inject arbitrary Javascript via an HTML div tag with a carriage return between the onmouseover attribute and its value, which bypasses the mail...
6AI Score
0.002EPSS
The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to...
6.7AI Score
0.006EPSS
Email::Address module before 1.904 for Perl uses an inefficient regular expression, which allows remote attackers to cause a denial of service (CPU consumption) via vectors related to "backtracking into the phrase," a different vulnerability than...
6.3AI Score
0.039EPSS
The Contact Form Email plugin before 1.2.66 for WordPress allows wp-admin/admin.php item XSS, related to cp_admin_int_edition.inc.php in the "custom edition...
6.1CVSS
6.2AI Score
0.001EPSS
Multiple cross-site request forgery (CSRF) vulnerabilities in the Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allow remote attackers to hijack the authentication of unspecified victims via unknown...
7.4AI Score
0.001EPSS
The Workbench Email module 7.x-3.x before 7.x-3.4 for Drupal allows remote authenticated users with certain permissions to bypass node and field validation by saving a...
6.5AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in...
5.4AI Score
0.001EPSS
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, does not disable the server-side session token upon the closing of the Management Console/Dashboard, which makes it easier for remote attackers to hijack sessions...
6.9AI Score
0.004EPSS
Unspecified vulnerability in McAfee Email Anti-virus (formerly WebShield SMTP) allows remote attackers to cause a denial of service via unknown...
6.8AI Score
0.002EPSS
The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified...
6.7AI Score
0.003EPSS
Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance...
5.8AI Score
0.001EPSS
McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, accesses files with the privileges of the root user, which allows remote authenticated users to bypass intended permission settings by requesting a...
6.5AI Score
0.001EPSS
The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a field permission module and the field contact field formatter is set to the full or teaser display mode, does not properly check permissions, which allows remote attackers to email the stored address via unspecified...
6.7AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in the Email Field module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the mailto...
5.9AI Score
0.001EPSS
Unspecified vulnerability in the GO Email Widget (com.gau.go.launcherex.gowidget.emailwidget) application 1.3.1, 1.8, and 1.81 for Android has unknown impact and attack...
6.7AI Score
0.002EPSS
The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these...
6AI Score
0.0004EPSS
The web framework on Cisco Web Security Appliance (WSA), Email Security Appliance (ESA), and Content Security Management Appliance (SMA) devices does not properly manage the state of HTTP and HTTPS sessions, which allows remote attackers to cause a denial of service (management GUI outage) via...
7AI Score
0.001EPSS
SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and Server Security and F-Secure...
8.7AI Score
0.001EPSS
McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 allows remote authenticated users to execute arbitrary commands via unspecified...
7.4AI Score
0.001EPSS
The management GUI in the web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-602; Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019; and Content Security Management Appliance.....
6.7AI Score
0.003EPSS
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550; Email Security Appliance devices before 7.1.5-104, 7.3 before 7.3.2-026, 7.5 before 7.5.2-203, and 7.6 before 7.6.3-019; and Content Security Management...
7.3AI Score
0.007EPSS
Cross-site request forgery (CSRF) vulnerability in the web framework on Cisco IronPort Web Security Appliance (WSA) devices, Email Security Appliance (ESA) devices, and Content Security Management Appliance (SMA) devices allows remote attackers to hijack the authentication of arbitrary users, aka.....
7.5AI Score
0.001EPSS
The IronPort Spam Quarantine (ISQ) component in the web framework in IronPort AsyncOS on Cisco Email Security Appliance devices before 7.1.5-106 and 7.3, 7.5, and 7.6 before 7.6.3-019 and Content Security Management Appliance devices before 7.9.1-102 and 8.0 before 8.0.0-404 allows remote...
6.8AI Score
0.002EPSS
Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl parameter to campaign/campaignone.php; the (2) action, (3) campaignname, (4)...
6AI Score
0.001EPSS
The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers to modify list or campaign...
7AI Score
0.003EPSS
The Post SMTP Mailer/Email Log WordPress plugin before 2.1.7 does not have proper authorisation in some AJAX actions, which could allow high privilege users such as admin to perform blind SSRF on multisite installations for...
7.2CVSS
6.8AI Score
0.001EPSS
The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is...
4.8CVSS
4.8AI Score
0.001EPSS
Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to...
9.8CVSS
9.2AI Score
0.002EPSS
Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged...
7.8CVSS
7.5AI Score
0.0004EPSS
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest...
5.4CVSS
5.3AI Score
0.001EPSS
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. after login leads to inject malicious tag leads to IFRAME...
5.4CVSS
5.8AI Score
0.001EPSS
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist...
5.4CVSS
5.3AI Score
0.001EPSS
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax...
5.4CVSS
5.3AI Score
0.001EPSS
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist...
5.4CVSS
5.3AI Score
0.001EPSS
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax...
5.4CVSS
5.3AI Score
0.001EPSS
MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data...
9.8CVSS
9.3AI Score
0.003EPSS
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format...
9.8CVSS
9.3AI Score
0.003EPSS
Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive...
6.2CVSS
5.4AI Score
0.0004EPSS
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier...
7.5CVSS
7.5AI Score
0.001EPSS
Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure...
5.4CVSS
5.4AI Score
0.001EPSS
The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is...
4.8CVSS
4.8AI Score
0.001EPSS
The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example....
4.8CVSS
4.8AI Score
0.001EPSS
The WP-EMail WordPress plugin before 2.69.0 does not protect its log deletion functionality with nonce checks, allowing attacker to make a logged in admin delete logs via a CSRF...
6.5CVSS
6.3AI Score
0.001EPSS
The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based anti-spamming...
7.5CVSS
7.4AI Score
0.001EPSS
The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is...
4.8CVSS
4.8AI Score
0.001EPSS
A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access...
7.7CVSS
7.5AI Score
0.001EPSS
A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web...
9.8CVSS
9.6AI Score
0.004EPSS
The New User Email Set Up WordPress plugin through 0.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF...
6.5CVSS
6.3AI Score
0.001EPSS