var-201406-0382
Vulnerability from variot
Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section. The web client interface of Ipswitch IMail Server contains a cross-site scripting vulnerability. A third party may insert arbitrary web script or HTML. The Ipswitch IMail Server web client is prone to multiple HTML-injection vulnerabilities because it fails to sanitize user-supplied input. Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible. Ipswitch IMail Server is a mail server from the American company Ipswitch that runs on the Microsoft Windows operating system. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201406-0382", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "imail server", "scope": "eq", "trust": 2.7, "vendor": "ipswitch", "version": "12.4" }, { "model": "imail server", "scope": "eq", "trust": 2.4, "vendor": "ipswitch", "version": "12.3" } ], "sources": [ { "db": "BID", "id": "67830" }, { "db": "JVNDB", "id": 
"JVNDB-2014-002758" }, { "db": "CNNVD", "id": "CNNVD-201406-063" }, { "db": "NVD", "id": "CVE-2014-3878" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:ipswitch:imail_server", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002758" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Peru", "sources": [ { "db": "BID", "id": "67830" } ], "trust": 0.3 }, "cve": "CVE-2014-3878", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "CVE-2014-3878", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": 
"NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "exploitabilityScore": 8.6, "id": "VHN-71818", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-3878", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-3878", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201406-063", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-71818", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-71818" }, { "db": "JVNDB", "id": "JVNDB-2014-002758" }, { "db": "CNNVD", "id": "CNNVD-201406-063" }, { "db": "NVD", "id": "CVE-2014-3878" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section. Ipswitch IMail Server of Web The client interface contains a cross-site scripting vulnerability.By any third party, any Web Script or HTML May be inserted. IPSwitch IMail Server WEB client is prone to multiple HTML-injection vulnerabilities because it fails to sanitize user-supplied input. 
\nAttacker supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible. Ipswitch IMail Server is an American Ipswitch company\u0027s mail server running on the Microsoft Windows operating system. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML", "sources": [ { "db": "NVD", "id": "CVE-2014-3878" }, { "db": "JVNDB", "id": "JVNDB-2014-002758" }, { "db": "BID", "id": "67830" }, { "db": "VULHUB", "id": "VHN-71818" } ], "trust": 1.98 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-71818", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-71818" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-3878", "trust": 2.8 }, { "db": "PACKETSTORM", "id": "126948", "trust": 1.9 }, { "db": "EXPLOIT-DB", "id": "33633", "trust": 1.7 }, { "db": "BID", "id": "67830", "trust": 1.4 }, { "db": "SECTRACK", "id": "1030335", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2014-002758", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201406-063", "trust": 0.7 }, { "db": "SEEBUG", "id": "SSVID-86838", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-71818", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-71818" }, { "db": "BID", "id": "67830" }, { "db": "JVNDB", "id": "JVNDB-2014-002758" }, { "db": "CNNVD", "id": "CNNVD-201406-063" }, { "db": "NVD", "id": 
"CVE-2014-3878" } ] }, "id": "VAR-201406-0382", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-71818" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T22:23:05.096000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Top Page", "trust": 0.8, "url": "http://www.imailserver.com/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002758" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-79", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-71818" }, { "db": "JVNDB", "id": "JVNDB-2014-002758" }, { "db": "NVD", "id": "CVE-2014-3878" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.9, "url": "http://packetstormsecurity.com/files/126948/ipswitch-imail-12.4-cross-site-scripting.html" }, { "trust": 1.7, "url": "http://www.exploit-db.com/exploits/33633" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/67830" }, { "trust": 1.1, "url": "http://seclists.org/fulldisclosure/2014/jun/19" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1030335" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3878" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3878" }, { "trust": 0.3, "url": 
"http://www.ipswitch.com/products/imail_server/index.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-71818" }, { "db": "BID", "id": "67830" }, { "db": "JVNDB", "id": "JVNDB-2014-002758" }, { "db": "CNNVD", "id": "CNNVD-201406-063" }, { "db": "NVD", "id": "CVE-2014-3878" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-71818" }, { "db": "BID", "id": "67830" }, { "db": "JVNDB", "id": "JVNDB-2014-002758" }, { "db": "CNNVD", "id": "CNNVD-201406-063" }, { "db": "NVD", "id": "CVE-2014-3878" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-06-05T00:00:00", "db": "VULHUB", "id": "VHN-71818" }, { "date": "2014-06-04T00:00:00", "db": "BID", "id": "67830" }, { "date": "2014-06-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002758" }, { "date": "2014-06-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201406-063" }, { "date": "2014-06-05T17:55:06.807000", "db": "NVD", "id": "CVE-2014-3878" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-08-31T00:00:00", "db": "VULHUB", "id": "VHN-71818" }, { "date": "2014-06-04T00:00:00", "db": "BID", "id": "67830" }, { "date": "2014-06-06T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-002758" }, { "date": "2014-06-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201406-063" }, { "date": "2024-11-21T02:09:02.720000", "db": "NVD", "id": "CVE-2014-3878" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201406-063" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Ipswitch IMail Server of Web Cross-site scripting vulnerability in client interface", "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-002758" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "XSS", "sources": [ { "db": "CNNVD", "id": "CNNVD-201406-063" } ], "trust": 0.6 } }