8 matches found
CVE-2022-37238
CVE-2022-37238 affects MDaemon Technologies SecurityGateway for Email Servers 8.5.2. The vulnerability is a Cross Site Scripting (XSS) flaw triggered via the currentRequest parameter . Root cause described in the sources is a reflected XSS condition in the parameter handling, with a CVSSv3.1 base...
CVE-2022-37242
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to an HTTP Response Splitting issue that is triggered via the data parameter. The PT Security entry specifies the affected software version (8.5.2) and notes that the issue arises from HTTP response splitting related to th...
CVE-2022-37241
CVE-2022-37241 affects MDaemon Technologies SecurityGateway for Email Servers (version 8.5.2). The vulnerability is a Cross Site Scripting (XSS) flaw exploitable via the data_leak_list_ajax endpoint. Documentation across sources consistently notes an XSS issue originating from this endpoint, with...
CVE-2022-37239
CVE-2022-37239 affects MDaemon Technologies SecurityGateway for Email Servers version 8.5.2. The vulnerability is a Cross Site Scripting (XSS) issue exposed via the rulles_list_ajax endpoint. Public details in connected documents consistently describe XSS via that API path and reference the 8.5.2...
CVE-2022-37245
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint. The issue, confirmed by PT-2022-23889, indicates an XSS in the Blacklist endpoint that could allow injection of scripts into the page, potentially enabling data the...
CVE-2022-37243
CVE-2022-37243 affects MDaemon Technologies SecurityGateway for Email Servers 8.5.2. The issue is a Cross Site Scripting (XSS) vulnerability exploitable via the whitelist endpoint. Root cause details are not specified beyond the XSS via that endpoint. No exploit specifics or in-the-wild usage are...
CVE-2022-37240
The CVE-2022-37240 entry concerns MDaemon Technologies SecurityGateway for Email Servers (v8.5.2) and describes an HTTP Response Splitting flaw exploitable via the format parameter. Multiple connected sources corroborate the issue and specify the affected product/version, the vulnerable component...
CVE-2022-37244
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is affected by a vulnerability described as IFRAME Injection via the currentRequest parameter. The issue occurs after login and can lead to injection of malicious tags. A concrete description across connected sources specifies the vulne...