Iredmail

iredmail

2 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-47227 1Iredmail 1Iredadmin Mar 25, 2025 Sep 23, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 iRedAdmin before 2.6 allows XSS, e.g., via order_name.
CVE-2018-1000072 1Iredmail 1Iredmail Nov 21, 2024 Mar 13, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 iRedMail version prior to commit f04b8ef contains a Insecure Permissions vulnerability in Roundcube Webmail that can result in Exfiltrate a user's password protected secret GPG key file and other important configuration...Show more iRedMail version prior to commit f04b8ef contains a Insecure Permissions vulnerability in Roundcube Webmail that can result in Exfiltrate a user's password protected secret GPG key file and other important configuration files.. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in Beta: 0.9.8-BETA1, Stable: 0.9.7.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2024-47227

1Iredmail

1Iredadmin

Mar 25, 2025

Sep 23, 2024

N/A· v4

6.1 MEDIUM· v3

N/A· v2

iRedAdmin before 2.6 allows XSS, e.g., via order_name.

CVE-2018-1000072

1Iredmail

Nov 21, 2024

Mar 13, 2018

N/A· v4

7.5 HIGH· v3

5.0 MEDIUM· v2

iRedMail version prior to commit f04b8ef contains a Insecure Permissions vulnerability in Roundcube Webmail that can result in Exfiltrate a user's password protected secret GPG key file and other important configuration files.. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in Beta: 0.9.8-BETA1, Stable: 0.9.7.Show less