CVE-2014-3878 in IMailinfo

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

05/27/2014

Disclosure

06/05/2014

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
13449	Ipswitch IMail Task cross site scripting	79	Proof-of-Concept	Official fix	CVE-2014-3878
13448	Ipswitch IMail Calendar cross site scripting	79	Proof-of-Concept	Official fix	CVE-2014-3878
13447	Ipswitch IMail Group Details cross site scripting	79	Proof-of-Concept	Official fix	CVE-2014-3878
13446	Ipswitch IMail Contact Details cross site scripting	79	Proof-of-Concept	Official fix	CVE-2014-3878

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸