Cross-Site Scripting Vulnerabilities in Proxmox Mail Gateway by Proxmox
CVE-2014-2325

Currently unrated

Key Information:

Vendor: Proxmox
Status: Mail Gateway
Vendor: CVE Published:; 14 March 2014

What is CVE-2014-2325?

Proxmox Mail Gateway prior to version 3.1-5829 is susceptible to multiple cross-site scripting vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML code through the 'state' parameter in the objects/who/index.htm page or via a user email address in the quarantine/spam/manage.htm page. This can lead to unauthorized data exposure and potential attacks on users interacting with the affected web interface.

References

http://www.securityfocus.com/bid/66169

vdb-entryx_refsource_BID

http://proxmox.com/news/archive/view/listid-1-proxmox-new...

x_refsource_CONFIRM

http://seclists.org/fulldisclosure/2014/Mar/110

mailing-listx_refsource_FULLDISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 14, 2014
Vulnerability Reserved
Mar 12, 2014

JSON