Cross-Site Scripting Vulnerabilities in Proxmox Mail Gateway by Proxmox
CVE-2015-9057

6.1MEDIUM

Key Information:

Vendor: Proxmox
Status: Proxmox Mail Gateway
Vendor: CVE Published:; 3 May 2017

What is CVE-2015-9057?

Proxmox Mail Gateway is exposed to multiple cross-site scripting vulnerabilities that could allow remote attackers to inject arbitrary web scripts or HTML. These vulnerabilities are triggered through various parameters found in the application, specifically within the management and configuration pages like /users/index.htm, /quarantine/spam/manage.htm, and more. Successful exploitation could lead to unauthorized actions on behalf of users, impacting the integrity and confidentiality of the system.

References

https://www.trustwave.com/Resources/Security-Advisories/A...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 3, 2017
Vulnerability Reserved
May 3, 2017

JSON