PT-2018-12552 · Coremail · Coremail Xt
Published
2018-08-10
·
Updated
2018-10-05
·
CVE-2018-14503
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Coremail XT version 3.0
Description
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the
sid parameter in the intervalCheck.jsp file.Recommendations
For Coremail XT version 3.0, consider restricting access to the intervalCheck.jsp file until a patch is available. As a temporary workaround, avoid using the
sid parameter in the affected intervalCheck.jsp file to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Coremail Xt