CVE-2015-9057

Name of the Vulnerable Software and Affected Versions Proxmox Mail Gateway versions prior to 4.0-8-097d26a9

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via multiple parameters. The affected API endpoints include "/users/index.htm", "/quarantine/spam/manage.htm", "/quarantine/spam/whitelist.htm", "/queues/mail/index/", "/system/ssh.htm", "/queues/mail/?domain=", and "/quarantine/virus/manage.htm".

Recommendations For Proxmox Mail Gateway versions prior to 4.0-8-097d26a9, update to version 4.0-8-097d26a9 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected API endpoints until a patch is applied. Avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved.