PT-2022-25536 · Opswat · Opswat Metadefender Icap Server

Name of the Vulnerable Software and Affected Versions: OPSWAT MetaDefender ICAP Server versions prior to 4.13.0 Description: A stored Cross-Site Scripting XSS issue allows attackers to execute arbitrary JavaScript or HTML due to the blocked page response. This enables attackers to potentially...

CVE-2022-32272

CVE-2022-32272 affects OPSWAT MetaDefender Core prior to 5.1.2, MetaDefender ICAP prior to 4.12.1, and MetaDefender Email Gateway Security prior to 5.6.1. The issue is due to incorrect access control, enabling privilege escalation. The Red Hat advisory and related sources confirm the same affecte...

CVE-2022-32273

As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core MDCore before 5.1.2 could allow an authenticated user to enumerate filenames on the server...

CVE-2018-16275

OPSWAT MetaDefender before v4.11.2 allows CSV injection...

CVE-2018-16275

CVE-2018-16275 affects OPSWAT MetaDefender prior to 4.11.2 and enables CSV injection. The connected sources consistently state the product and version boundary, identifying the vulnerability as CSV injection in that release line. The CVE details do not provide explicit exploit vectors beyond this...

CVE-2018-16275

OPSWAT MetaDefender before v4.11.2 allows CSV injection...