CVE-2022-37244

Опубликовано: 25 авг. 2022

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. after login leads to inject malicious tag leads to IFRAME injection.

Ссылки

https://files.mdaemon.com/securitygateway/release/relnotes_en.htm
Vendor Advisory
https://gtn.com.np/wp-content/uploads/2022/07/IFRAME-Injection-at-currentRequest-Parameter.pdf
Exploit
Third Party Advisory
https://files.mdaemon.com/securitygateway/release/relnotes_en.htm
Vendor Advisory
https://gtn.com.np/wp-content/uploads/2022/07/IFRAME-Injection-at-currentRequest-Parameter.pdf
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:altn:security_gateway_for_email_servers:8.5.2:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00548

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-4c36-rwf6-qrpp