Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway before 3.1-5829 allow remote attackers to inject arbitrary web script or HTML via the (1) state parameter to objects/who/index.htm or (2) User email address to quarantine/spam/manage.htm.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Proxmox | Mail Gateway | <= 3.1-5741 |
Related Weaknesses (CWE)
References
- http://proxmox.com/news/archive/view/listid-1-proxmox-newsletter/mailid-48-proxmPatchVendor Advisory
- http://seclists.org/fulldisclosure/2014/Mar/110Exploit
- http://www.securityfocus.com/bid/66169Exploit
- http://proxmox.com/news/archive/view/listid-1-proxmox-newsletter/mailid-48-proxmPatchVendor Advisory
- http://seclists.org/fulldisclosure/2014/Mar/110Exploit
- http://www.securityfocus.com/bid/66169Exploit
FAQ
What is CVE-2014-2325?
CVE-2014-2325 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway before 3.1-5829 allow remote attackers to inject arbitrary web script or HTML via the (1) state parameter to objects/who/ind...
How severe is CVE-2014-2325?
CVE-2014-2325 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-2325?
Check the references section above for vendor advisories and patch information. Affected products include: Proxmox Mail Gateway.