CVE-2014-3878

Published: Jun 5, 2014Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section.

Affected (2)

Products: Ipswitch: Imail Server

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ipswitch Imail Server	Version 12.3
Ipswitch Imail Server	Version 12.4

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (10)

http://packetstormsecurity.com/files/126948/IPSwitch-IMail-12.4-Cross-Site-Scripting.html

Source: cve@mitre.org

Exploit

http://seclists.org/fulldisclosure/2014/Jun/19

Source: cve@mitre.org

http://www.exploit-db.com/exploits/33633

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/67830

Source: cve@mitre.org

http://www.securitytracker.com/id/1030335

Source: cve@mitre.org

http://packetstormsecurity.com/files/126948/IPSwitch-IMail-12.4-Cross-Site-Scripting.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://seclists.org/fulldisclosure/2014/Jun/19

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.exploit-db.com/exploits/33633

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/67830

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1030335

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.