Lucene search
K
Rumble Mail Server ProjectRumble Mail Server

4 matches found

CVE
CVE
added 2022/04/04 2:37 p.m.95 views

CVE-2021-43456

CVE-2021-43456 affects Rumble Mail Server 0.51.3135, where an unquoted service path in the RumbleService executable path creates a local privilege escalation vector. The vulnerability allows a local attacker to abuse the service image path and execute arbitrary code on the affected host. CVSS met...

7.8CVSS7.6AI score0.0044EPSS
CVE
CVE
added 2022/04/04 3:39 p.m.81 views

CVE-2021-43462

CVE-2021-43462 is a Cross-Site Scripting (XSS) vulnerability in Rumble Mail Server 0.51.3135 exploitable via the username parameter. Public sources describe that an attacker could cause JavaScript execution on the client side. Several references (CNVD/CNNVD, Red Hat, CVE lists) confirm the affect...

5.4CVSS5.2AI score0.00574EPSS
CVE
CVE
added 2022/04/04 3:1 p.m.76 views

CVE-2021-43459

Rumble Mail Server 0.51.3135 is vulnerable to Cross Site Scripting via the domain and path parameters. The root cause is missing data validation on user-supplied domain/path data, allowing injected JavaScript to execute in the client. Impact is client-side code execution with potential session or...

5.4CVSS5.2AI score0.00574EPSS
CVE
CVE
added 2022/04/04 3:34 p.m.75 views

CVE-2021-43461

CVE-2021-43461 affects Rumble Mail Server 0.51.3135 and is a Cross-Site Scripting (XSS) flaw exploitable via the servername parameter. The CVE is documented in multiple feeds (NVD/NIST, Red Hat, CNVD, CVE List) with two metrics: CVSSv2 base score 3.5 (LOW) and CVSSv3.1 base score 5.4 (MEDIUM). No...

5.4CVSS5.2AI score0.00574EPSS