CVE-2012-2575

NetWin SurgeMail 6.0a4 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by loneferret · python · webapps · windows
https://www.exploit-db.com/exploits/20363

Scores

EPSS 0.0039
EPSS Percentile 59.4%

Classification

CWE
CWE-79
Status draft

Affected Products (1)

netwin/surgemail

Timeline

Published Sep 17, 2012
Tracked Since Feb 18, 2026