CVE-2014-2325
Published Mar 14, 2014
Last updated 11 years ago
Overview
- Description
- Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway before 3.1-5829 allow remote attackers to inject arbitrary web script or HTML via the (1) state parameter to objects/who/index.htm or (2) User email address to quarantine/spam/manage.htm.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:proxmox:mail_gateway:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6DC4E1B5-2BDC-41D1-9BE0-A4CE9834B459",
"versionEndIncluding": "3.1-5741"
},
{
"criteria": "cpe:2.3:a:proxmox:mail_gateway:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DC141986-DB6C-4952-8CD3-77F4F8FC1726"
},
{
"criteria": "cpe:2.3:a:proxmox:mail_gateway:3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F63E8677-DF90-4183-80C4-55A71F2AAD2C"
},
{
"criteria": "cpe:2.3:a:proxmox:mail_gateway:3.1-5670:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "393A8DF0-2995-44CE-8C7A-007B197A06DE"
},
{
"criteria": "cpe:2.3:a:proxmox:mail_gateway:3.1-5673:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "238D7442-36C9-4733-8DB2-A45A666919D4"
}
],
"operator": "OR"
}
]
}
]