CVE-2012-2569

Synametrics Technologies Xeams 4.4 Build 5720 - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2569. PoCs published by loneferret.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in Xeams Email Server 4.4 Build 5720 by sending an email with a malicious JavaScript payload. The payload is injected into the email body and executed when the victim views the email.

Description

Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email.

Exploits (1)

exploitdb WORKING POC VERIFIED

by loneferret · pythonwebappswindows

https://www.exploit-db.com/exploits/20367

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in Xeams Email Server 4.4 Build 5720 by sending an email with a malicious JavaScript payload. The payload is injected into the email body and executed when the victim views the email.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Xeams Email Server 4.4 Build 5720

Auth required

Prerequisites: Valid SMTP credentials · Access to the target SMTP server

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/84591

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/77504

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/50190

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/20367

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/54902

Scores

EPSS 0.0182

EPSS Percentile 75.9%

Details

CWE

CWE-79

Status published

Products (1)

synametrics/xeams 4.4

Published Jun 19, 2014

Tracked Since Feb 18, 2026