CVE-2017-11617

Опубликовано: 25 июл. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes.

Ссылки

https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6
Vendor Advisory
https://www.bishopfox.com/blog/2017/06/how-i-built-an-xss-worm-on-atmail/
Exploit
Technical Description
Third Party Advisory
https://help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6
Vendor Advisory
https://www.bishopfox.com/blog/2017/06/how-i-built-an-xss-worm-on-atmail/
Exploit
Technical Description
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:atmail:atmail:*:*:*:*:*:*:*:*

Версия до 7.8.0.1 (включая)

EPSS

Процентиль: 49%

0.0026

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2017-11617

CVSS3: 6.1

debian

больше 8 лет назад

Cross-site scripting (XSS) vulnerability in atmail prior to version 7. ...

GHSA-6q8g-q3ph-hxr6

CVSS3: 6.1

github

больше 3 лет назад

EPSS

Процентиль: 49%

0.0026

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79