CVE-2014-2325

Published Mar 14, 2014

Last updated 3 months ago

CVSS info 4.3

Overview

Description: Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway before 3.1-5829 allow remote attackers to inject arbitrary web script or HTML via the (1) state parameter to objects/who/index.htm or (2) User email address to quarantine/spam/manage.htm.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:proxmox:mail_gateway:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6DC4E1B5-2BDC-41D1-9BE0-A4CE9834B459",
            "versionEndIncluding": "3.1-5741"
          },
          {
            "criteria": "cpe:2.3:a:proxmox:mail_gateway:3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC141986-DB6C-4952-8CD3-77F4F8FC1726"
          },
          {
            "criteria": "cpe:2.3:a:proxmox:mail_gateway:3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F63E8677-DF90-4183-80C4-55A71F2AAD2C"
          },
          {
            "criteria": "cpe:2.3:a:proxmox:mail_gateway:3.1-5670:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "393A8DF0-2995-44CE-8C7A-007B197A06DE"
          },
          {
            "criteria": "cpe:2.3:a:proxmox:mail_gateway:3.1-5673:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "238D7442-36C9-4733-8DB2-A45A666919D4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References