Cross-Site Scripting Vulnerability in NetWin SurgeMail by NetWin
CVE-2012-2575

Currently unrated

Key Information:

Vendor: Netwin
Status: Surgemail
Vendor: CVE Published:; 17 September 2012

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2012-2575?

A cross-site scripting vulnerability exists in NetWin SurgeMail 6.0a4, enabling remote attackers to inject arbitrary web scripts or HTML. This can occur through the SRC attribute of an IFRAME element embedded in the body of an HTML email message, potentially compromising user data and enabling various malicious activities.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2012-2575 - Proof of Concept

References

http://www.exploit-db.com/exploits/20363/

exploitx_refsource_EXPLOIT-DB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
🟡
Public PoC available
Sep 17, 2012
👾
Exploit known to exist
Sep 17, 2012
Vulnerability published
Sep 17, 2012

CVE-2012-2575 Data

JSON

Netwin

Badges

What is CVE-2012-2575?

Exploit Proof of Concept (PoC)

References

Timeline