Описание
Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line.
Ссылки
- ExploitVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- ExploitVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:aeromail:aeromail:1.02:*:*:*:*:*:*:*
cpe:2.3:a:aeromail:aeromail:1.10:*:*:*:*:*:*:*
cpe:2.3:a:aeromail:aeromail:1.20:*:*:*:*:*:*:*
cpe:2.3:a:aeromail:aeromail:1.26:*:*:*:*:*:*:*
cpe:2.3:a:aeromail:aeromail:1.30:*:*:*:*:*:*:*
cpe:2.3:a:aeromail:aeromail:1.40:*:*:*:*:*:*:*
EPSS
Процентиль: 77%
0.0108
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line.
EPSS
Процентиль: 77%
0.0108
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other