Published: 05/06/2014 Updated: 31/08/2015

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly prior to 12.4.1.15, allow remote malicious users to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ipswitch imail server 12.3
ipswitch imail server 12.4

# Exploit Title: IPSwitch IMail Server WEB client 124 persistent XSS # Google Dork: # Date: 3 june 2014 # Exploit Author: Peru (GoSecure!) # Vendor Homepage: wwwipswitchcom # Software Link: wwwimailservercom/try/ # Version: Tested on 123 and 124 before 124115 # Tested on: WindowsServer2008R2 STD SP1 # CVE : 2014-3878 Four injecti ...

CWE-79 http://www.exploit-db.com/exploits/33633 http://seclists.org/fulldisclosure/2014/Jun/19 http://www.securitytracker.com/id/1030335 http://www.securityfocus.com/bid/67830 http://packetstormsecurity.com/files/126948/IPSwitch-IMail-12.4-Cross-Site-Scripting.html https://nvd.nist.gov https://www.exploit-db.com/exploits/33633/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-3878

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect