exploitDog

CVE-2010-5340

Опубликовано: 11 окт. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.

Ссылки

https://vuldb.com/?id.142993
Permissions Required
Third Party Advisory
https://www.gosecurity.ch/component/content/article/12-services/gosecuritynews/fachartikel/169-gosecurity-advisory-2010120602
Third Party Advisory
https://vuldb.com/?id.142993
Permissions Required
Third Party Advisory
https://www.gosecurity.ch/component/content/article/12-services/gosecuritynews/fachartikel/169-gosecurity-advisory-2010120602
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:icewarp:webclient:*:*:*:*:*:*:*:*

Версия от 10.0 (включая) до 10.2.1 (исключая)

EPSS

Процентиль: 43%

0.0021

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-gg32-6jrc-jc23

CVSS3: 6.1

github

почти 4 года назад

IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.

EPSS

Процентиль: 43%

0.0021

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79