Lucene search

[email protected]NVD:CVE-2023-4594

HistoryNov 23, 2023 - 1:15 p.m.

CVE-2023-4594

2023-11-2313:15:12

CWE-79

[email protected]

web.nvd.nist.gov

mailadmin

stored xss

multiple parameters

javascript payload

get method

post method

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

Percentile

14.0%

JSON

Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmin_dll.htm file.

Affected configurations

Nvd

Node

seattlelabslmailMatch5.5.0.4433

AND

microsoftwindowsMatch-

VendorProductVersionCPE
seattlelabslmail5.5.0.4433cpe:2.3:a:seattlelab:slmail:5.5.0.4433:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
seattlelab	slmail	5.5.0.4433	cpe:2.3:a:seattlelab:slmail:5.5.0.4433:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*

References

www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-bvrp-software-slmail