Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2325

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-2325
Last Modified 25 Mar 2014 08:42:03
Published 14 Mar 2014 10:55:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2325

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway before 3.1-5829 allow remote attackers to inject arbitrary web script or HTML via the (1) state parameter to objects/who/index.htm or (2) User email address to quarantine/spam/manage.htm.

Vulnerable Systems

Application

  • Proxmox Mail Gateway 3.0

  • Proxmox Mail Gateway 3.1

  • Proxmox Mail Gateway 3.1-5670

  • Proxmox Mail Gateway 3.1-5673

  • Proxmox Mail Gateway 3.1-5741


References

CONFIRM - http://proxmox.com/news/archive/view/listid-1-proxmox-newsletter/mailid-48-proxmox-newsletter-march-2014-proxmox-ve-3-2-released/tmpl-component

BID - 66169

FULLDISC - 20140312 Multiplus XSS in Proxmox Mail Gateway 3.1 (CVE-2014-2325)


Last Updated: 27 May 2016 11:04:42