Lucene search
K

4 matches found

CVE
CVE
added 2018/04/07 5:0 p.m.56 views

CVE-2018-9330

The provided sources confirm a stored XSS vulnerability in Coremail XT3.0 (register.jsp), specifically via the third form field in a URI under register/. The OpenVAS entry refers to Coremail XT <= 3.0 Stored XSS Vulnerability, implying impact on older XT3.0 deployments. The NVD/NVD-derived ent...

5.4CVSS5.5AI score0.00531EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2017/08/29 3:29 p.m.29 views

CVE-2015-6942

Cross-site scripting XSS vulnerability in Coremail XT3.0 allows remote attackers to inject arbitrary web script or HTML via a hyperlink in a document attachment...

6.1CVSS5.4AI score0.00906EPSS
Exploits3References1
CVE
CVE
added 2017/08/29 3:0 p.m.55 views

CVE-2015-6942

CVE-2015-6942 is an XSS vulnerability in Coremail XT3.0, where a hyperlink embedded in a document attachment can execute arbitrary script when the recipient previews the attachment. Public details indicate a stored XSS scenario via a hyperlink in the attachment, aligning with the Coremail XT3.0 c...

6.1CVSS5.4AI score0.00906EPSS
Exploits3References1Affected Software1
seebug.org
seebug.org
added 2015/09/16 12:0 a.m.55 views

Coremail一处存储型跨站脚本(有触发条件)

简要描述: Coremail一处存储型跨站脚本漏洞,已申请CVE编号:CVE-2015-6942 详细说明: 影响版本:XT3.0 其他版本未测试 测试步骤: 1.首先创建一个带有超链接的doc文档,超链接为"javascript:alert" 2.创建一封邮件并上传附件,然后发送给需要攻击的用户可发送给任意用户。 3.受害者如果在WebMail里打开邮件并在线预览doc文档时,点击超链接,即可执行攻击代码。 4.重新将文档中的超链接换成location.href方式获取Cookie的超连接的即可...

4.3CVSS5.9AI score0.00906EPSS
Exploits3
Rows per page
Query Builder