PT-2018-12552 · Coremail · Coremail Xt
Publicado
2018-08-10
·
Atualizado
2018-10-05
·
CVE-2018-14503
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Coremail XT version 3.0
Description
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the
sid parameter in the intervalCheck.jsp file.Recommendations
For Coremail XT version 3.0, consider restricting access to the intervalCheck.jsp file until a patch is available. As a temporary workaround, avoid using the
sid parameter in the affected intervalCheck.jsp file to minimize the risk of exploitation.Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Coremail Xt