4 matches found
CVE-2021-43456
CVE-2021-43456 affects Rumble Mail Server 0.51.3135, where an unquoted service path in the RumbleService executable path creates a local privilege escalation vector. The vulnerability allows a local attacker to abuse the service image path and execute arbitrary code on the affected host. CVSS met...
CVE-2021-43462
CVE-2021-43462 is a Cross-Site Scripting (XSS) vulnerability in Rumble Mail Server 0.51.3135 exploitable via the username parameter. Public sources describe that an attacker could cause JavaScript execution on the client side. Several references (CNVD/CNNVD, Red Hat, CVE lists) confirm the affect...
CVE-2021-43459
Rumble Mail Server 0.51.3135 is vulnerable to Cross Site Scripting via the domain and path parameters. The root cause is missing data validation on user-supplied domain/path data, allowing injected JavaScript to execute in the client. Impact is client-side code execution with potential session or...
CVE-2021-43461
CVE-2021-43461 affects Rumble Mail Server 0.51.3135 and is a Cross-Site Scripting (XSS) flaw exploitable via the servername parameter. The CVE is documented in multiple feeds (NVD/NIST, Red Hat, CNVD, CVE List) with two metrics: CVSSv2 base score 3.5 (LOW) and CVSSv3.1 base score 5.4 (MEDIUM). No...