Ipswitch IMail up to 12.4.1.14 Group Details cross site scripting
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 3.2 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Ipswitch IMail up to 12.4.1.14. It has been rated as problematic. Impacted is an unknown function of the component Group Details Handler. This manipulation with the input GS!<IFRAME SRC="javascript:alert('XSS');"></IFRAME> causes cross site scripting.
This vulnerability is tracked as CVE-2014-3878. The attack is possible to be carried out remotely. Moreover, an exploit is present.
Upgrading the affected component is advised.
Details
A vulnerability classified as problematic was found in Ipswitch IMail up to 12.4.1.14 (Mail Server Software). Affected by this vulnerability is an unknown function of the component Group Details Handler. The manipulation with the input value GS!<IFRAME SRC="javascript:alert('XSS');"></IFRAME> leads to a cross site scripting vulnerability. The CWE definition for the vulnerability is CWE-79. The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. As an impact it is known to affect integrity.
The weakness was disclosed 06/03/2014 by Peru as IPSwitch IMail Server WEB client 12.4 persistent XSS as not defined mailinglist post (Full-Disclosure). It is possible to read the advisory at seclists.org. The public release has been coordinated in cooperation with Ipswitch. This vulnerability is known as CVE-2014-3878 since 05/27/2014. The exploitation appears to be easy. The attack can be launched remotely. The successful exploitation requires a single authentication. It demands that the victim is doing some kind of user interaction. Technical details and also a public exploit are known. The attack technique deployed by this issue is T1059.007 according to MITRE ATT&CK.
A public exploit has been developed by Peru (Peru) in HTML/Javascript and been published immediately after the advisory. It is possible to download the exploit at seclists.org. It is declared as proof-of-concept. The vulnerability scanner Nessus provides a plugin with the ID 76490 (Ipswitch IMail Server 11.x / 12.x < 12.4.1.15 Multiple Vulnerabilities (Heartbleed)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Misc. and running in the context r. The advisory illustrates:
A persistent XSS can be reached adding a new event in the Calendar; this event can be spread adding the Meeting Request option. Since, using this injection point, the XSS can be spread to other users, this is the most dangerous of the four and can be used to spoofing sessions and therefore compromising the attacked users account.
Upgrading to version 12.4.1.15 eliminates this vulnerability. The upgrade is hosted for download at imailserver.com. A possible mitigation has been published before and not just after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at Exploit-DB (33633), Tenable (76490), SecurityFocus (BID 67830†), OSVDB (107700†) and SecurityTracker (ID 1030335†). The entries VDB-13449, VDB-13448 and VDB-13446 are pretty similar. Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Vendor
Name
Version
- 12.4.1.0
- 12.4.1.1
- 12.4.1.2
- 12.4.1.3
- 12.4.1.4
- 12.4.1.5
- 12.4.1.6
- 12.4.1.7
- 12.4.1.8
- 12.4.1.9
- 12.4.1.10
- 12.4.1.11
- 12.4.1.12
- 12.4.1.13
- 12.4.1.14
License
Website
- Vendor: https://www.ipswitch.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 3.5VulDB Meta Temp Score: 3.2
VulDB Base Score: 3.5
VulDB Temp Score: 3.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Cross site scriptingCWE: CWE-79 / CWE-94 / CWE-74
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Author: Peru (Peru)
Programming Language: 🔍
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 76490
Nessus Name: Ipswitch IMail Server 11.x / 12.x < 12.4.1.15 Multiple Vulnerabilities (Heartbleed)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Exploit Delay Time: 🔍
Upgrade: IMail 12.4.1.15
Timeline
04/29/2014 🔍05/27/2014 🔍
06/03/2014 🔍
06/03/2014 🔍
06/03/2014 🔍
06/04/2014 🔍
06/05/2014 🔍
06/05/2014 🔍
06/05/2014 🔍
07/14/2014 🔍
08/16/2025 🔍
Sources
Vendor: ipswitch.comAdvisory: IPSwitch IMail Server WEB client 12.4 persistent XSS
Researcher: Peru
Status: Confirmed
Coordinated: 🔍
CVE: CVE-2014-3878 (🔍)
GCVE (CVE): GCVE-0-2014-3878
GCVE (VulDB): GCVE-100-13447
SecurityFocus: 67830 - IPSwitch IMail Server WEB client Multiple HTML Injection Vulnerabilities
OSVDB: 107700
SecurityTracker: 1030335
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 06/05/2014 14:24Updated: 08/16/2025 20:25
Changes: 06/05/2014 14:24 (82), 04/02/2019 20:12 (1), 06/20/2021 15:34 (3), 08/16/2025 20:25 (16)
Complete: 🔍
Cache ID: 216:8C0:103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.