Lucene search
K

71 matches found

OSV
OSV
added 2019/07/06 2:15 a.m.4 views

CVE-2019-1921

A vulnerability in the attachment scanning of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker coul...

7.5CVSS6.8AI score
Exploits0References1
Vulnrichment
Vulnrichment
added 2019/07/06 1:25 a.m.11 views

CVE-2019-1921 Cisco Email Security Appliance Content Filter Bypass Vulnerability

A vulnerability in the attachment scanning of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker coul...

5.8CVSS7.3AI score0.01413EPSS
Exploits0References1
Prion
Prion
added 2019/05/30 8:29 p.m.23 views

Code injection

Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra...

4.3CVSS6AI score0.01333EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2019/05/30 7:21 p.m.26 views

CVE-2015-7609

Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra...

6AI score0.01333EPSS
Exploits1References5
OSV
OSV
added 2019/04/18 2:29 a.m.5 views

CVE-2019-1831

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker...

5.3CVSS6.2AI score0.01647EPSS
Exploits0References2
OSV
OSV
added 2019/04/12 6:29 p.m.4 views

CVE-2018-13137

The Events Manager plugin 5.9.4 for WordPress has XSS via the dbemeventreapprovedemailbody parameter to the wp-admin/edit.php?posttype=event&page=events-manager-options URI...

4.8CVSS5.8AI score0.01209EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2019/04/12 12:0 a.m.6 views

PT-2019-8926 · WordPress · Events Manager

Name of the Vulnerable Software and Affected Versions: Events Manager plugin version 5.9.4 Description: The issue concerns a cross-site scripting XSS problem. It is exploited via the dbem event reapproved email body parameter to the "wp-admin/edit.php?post type=event&page=events-manager-options"...

4.8CVSS5.3AI score0.01209EPSS
Exploits1References7
OSV
OSV
added 2019/03/12 8:29 p.m.4 views

CVE-2019-9558

Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting XSS via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe...

6.1CVSS6.3AI score0.00986EPSS
Exploits2References1
OSV
OSV
added 2019/03/12 7:29 p.m.4 views

CVE-2019-9557

Ability Mail Server 4.2.6 has Persistent Cross Site Scripting XSS via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe...

6.1CVSS6.3AI score0.00978EPSS
Exploits2References1
Prion
Prion
added 2019/03/12 7:29 p.m.13 views

Cross site scripting

Ability Mail Server 4.2.6 has Persistent Cross Site Scripting XSS via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe...

4.3CVSS6AI score0.00978EPSS
Exploits2References1Affected Software1
Packet Storm
Packet Storm
added 2019/03/04 12:0 a.m.65 views

Mailtraq WebMail 2.17.7.3550 Cross Site Scripting

Exploit Title: Persistent Cross Site Scripting XSS - Mailtraq WebMail version 2.17.7.3550 CVE: CVE-2019-9558 Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Vendor Homepage: http://www.mailtraq.com/mail-server-software Category: webapps Attack Type: Remote Impact:...

6.4AI score0.00986EPSS
Exploits2
Vulnerability Lab
Vulnerability Lab
added 2018/06/17 12:0 a.m.45 views

Magento MarketPlace T1 - Bypass & Persistent Vulnerability

Document Title: =============== Magento MarketPlace T1 - Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1902 Release Date: ============= 2018-06-17 Vulnerability Laboratory ID VL-ID: ====================================...

7.4AI score
Exploits0
OSV
OSV
added 2018/06/11 9:29 p.m.2 views

DEBIAN-CVE-2017-7848

RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird 52.5.2...

5.3CVSS8.9AI score0.01763EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/01/08 4:49 a.m.5 views

Mozilla: RSS Feed vulnerable to new line Injection

RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird 52.5.2...

5.3CVSS7.3AI score0.01763EPSS
Exploits0References5
OSV
OSV
added 2017/12/29 12:0 a.m.2 views

UBUNTU-CVE-2017-7848

RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird 52.5.2...

5.3CVSS6.8AI score0.01763EPSS
Exploits0References4
OSV
OSV
added 2017/07/25 5:29 p.m.4 views

CVE-2017-11617

Cross-site scripting XSS vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes...

6.1CVSS5.9AI score0.01025EPSS
Exploits1References2
Exploit DB
Exploit DB
added 2016/04/25 12:0 a.m.31 views

C/C++ Offline Compiler and C For OS - Persistent Cross-Site Scripting

Document Title: =============== C & C++ for OS - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1825 Release Date: ============= 2016-04-14 Vulnerability Laboratory ID VL-ID: ====================================...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.26 views

Alt-N MDaemon 13.0.3 and 12.5.6 Email Body HTML/JS Injection Vulnerability

No description provided by source. ============================================================== Alt-N MDaemon Email Body HTML/JS Injection Vulnerability ============================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2014/06/18 7:0 p.m.23 views

CVE-2012-2592

Cross-site scripting XSS vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email...

5.7AI score0.01824EPSS
Exploits2References4
Prion
Prion
added 2014/01/12 6:34 p.m.24 views

Cross site scripting

Cross-site scripting XSS vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element...

4.3CVSS6.1AI score0.04373EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder