CVE

Id
71174  
CVE No.
CVE-2014-3878  
Status
Candidate  
Description
Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section.  
Phase
Assigned (20140527)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
676974 71174 CVE-2014-3878 EXPLOIT-DB:33633  View
676975 71174 CVE-2014-3878 URL:http://www.exploit-db.com/exploits/33633  View
676976 71174 CVE-2014-3878 FULLDISC:20140604 IPSwitch IMail Server WEB client 12.4 persistent XSS  View
676977 71174 CVE-2014-3878 URL:http://seclists.org/fulldisclosure/2014/Jun/19  View
676978 71174 CVE-2014-3878 MISC:http://packetstormsecurity.com/files/126948/IPSwitch-IMail-12.4-Cross-Site-Scripting.html  View
676979 71174 CVE-2014-3878 BID:67830  View
676980 71174 CVE-2014-3878 URL:http://www.securityfocus.com/bid/67830  View
676981 71174 CVE-2014-3878 SECTRACK:1030335  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
12041 JVNDB-2014-000060 Webmin におけるクロスサイトスクリプティングの脆弱性 Webmin は、ウェブベースのシステム管理ツールです。Webmin には、"referrer checking" が無効に設定されている場合において、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2014-3886 71174 2.6 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-000060.html  View