Vulnerabilites related to Atmail - Atmail Webmail Server
cve-2012-2593
Vulnerability from cvelistv5
Published
2020-02-06 13:47
Modified
2024-08-06 19:34
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.exploit-db.com/exploits/20009 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/54630 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Atmail | Atmail Webmail Server |
Version: 6.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:26.067Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/20009"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54630"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Atmail Webmail Server",
"vendor": "Atmail",
"versions": [
{
"status": "affected",
"version": "6.4"
}
]
}
],
"datePublic": "2012-07-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-06T13:47:18",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.exploit-db.com/exploits/20009"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/54630"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Atmail Webmail Server",
"version": {
"version_data": [
{
"version_value": "6.4"
}
]
}
}
]
},
"vendor_name": "Atmail"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.exploit-db.com/exploits/20009",
"refsource": "MISC",
"url": "http://www.exploit-db.com/exploits/20009"
},
{
"name": "http://www.securityfocus.com/bid/54630",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/54630"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2012-2593",
"datePublished": "2020-02-06T13:47:18",
"dateReserved": "2012-05-09T00:00:00",
"dateUpdated": "2024-08-06T19:34:26.067Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}