Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in the delegated spam management feature in the Spam Quarantine Management (SQM) component in MailMarshal SMTP 6.0.3.8 through 6.3.0.0 allow user-assisted remote authenticated users to inject arbitrary web script or HTML via (1) the list of blocked senders or (2) the list of safe senders.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mailmarshal | E10000 Appliance | All versions |
| Mailmarshal | Smtp | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/32062Vendor Advisory
- http://www.dcsl.ul.ie/marshal.htm
- http://www.marshal.com/kb/article.aspx?id=12175Vendor Advisory
- http://www.securityfocus.com/bid/31483
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45509
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45511
- http://secunia.com/advisories/32062Vendor Advisory
- http://www.dcsl.ul.ie/marshal.htm
- http://www.marshal.com/kb/article.aspx?id=12175Vendor Advisory
- http://www.securityfocus.com/bid/31483
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45509
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45511
FAQ
What is CVE-2008-2831?
CVE-2008-2831 is a vulnerability with a CVSS score of 3.5 (LOW). Multiple cross-site scripting (XSS) vulnerabilities in the delegated spam management feature in the Spam Quarantine Management (SQM) component in MailMarshal SMTP 6.0.3.8 through 6.3.0.0 allow user-as...
How severe is CVE-2008-2831?
CVE-2008-2831 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2831?
Check the references section above for vendor advisories and patch information. Affected products include: Mailmarshal E10000 Appliance, Mailmarshal Smtp.