Totemomail Security Vulnerabilities and Issues — Totemomail CVE List

Lucene search

TotemoTotemomail

6 matches found

CVE•added 2020/03/27 2:15 p.m.•97 views

CVE-2020-7918

An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration.

5.5CVSS5.3AI score0.0019EPSS

CVE•added 2024/05/18 10:15 p.m.•69 views

CVE-2024-28063

Kiteworks Totemomail through 7.0.0 allows /responsiveUI/EnvelopeOpenServlet envelopeRecipient reflected XSS.

6.1CVSS6.8AI score0.0016EPSS

CVE•added 2019/08/30 9:15 a.m.•28 views

CVE-2018-15511

Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML.

6.1CVSS6AI score0.00223EPSS

CVE•added 2019/08/30 9:15 a.m.•27 views

CVE-2018-15510

Cross-site scripting (XSS) vulnerability in the 'Certificate' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML.

6.1CVSS6AI score0.0012EPSS

CVE•added 2019/08/30 9:15 a.m.•26 views

CVE-2018-15512

Cross-site scripting (XSS) vulnerability in the 'Authorisation Service' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML.

6.1CVSS6AI score0.00223EPSS

CVE•added 2019/08/30 9:15 a.m.•24 views

CVE-2018-15513

Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role.

5.3CVSS5AI score0.00206EPSS