Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-5035

Опубликовано: 05 сент. 2013
Источник: nvd
CVSS2: 4.9
EPSS Низкий

Описание

Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:htmlcleaner_project:htmlcleaner:*:*:*:*:*:*:*:*
Версия до 2.5 (включая)
cpe:2.3:a:htmlcleaner_project:htmlcleaner:0.8:*:*:*:*:*:*:*
cpe:2.3:a:htmlcleaner_project:htmlcleaner:0.9:*:*:*:*:*:*:*
cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.0:*:*:*:*:*:*:*
cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.1:*:*:*:*:*:*:*
cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.2:*:*:*:*:*:*:*
cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.3:*:*:*:*:*:*:*
cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.4:*:*:*:*:*:*:*
cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.5:*:*:*:*:*:*:*
cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.6:*:*:*:*:*:*:*
cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.12:*:*:*:*:*:*:*
cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.13:*:*:*:*:*:*:*
cpe:2.3:a:htmlcleaner_project:htmlcleaner:1.55:*:*:*:*:*:*:*
cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.0:*:*:*:*:*:*:*
cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.1:*:*:*:*:*:*:*
cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.2:*:*:*:*:*:*:*
cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:htmlcleaner_project:htmlcleaner:2.4:*:*:*:*:*:*:*
cpe:2.3:a:open-xchange:open-xchange_appsuite:7.2.2:*:*:*:*:*:*:*

EPSS

Процентиль: 33%
0.00132
Низкий

4.9 Medium

CVSS2

Дефекты

CWE-362

Связанные уязвимости

github логотип

GHSA-pxp7-8mq7-mj6j

github
больше 3 лет назад

Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other persons in opportunistic circumstances by leveraging lack of thread safety and performing a rapid series of (1) mail-sending or (2) draft-saving operations.

EPSS

Процентиль: 33%
0.00132
Низкий

4.9 Medium

CVSS2

Дефекты

CWE-362