CVE-2014-2325

Proxmox Mail Gateway <3.1-5829 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway before 3.1-5829 allow remote attackers to inject arbitrary web script or HTML via the (1) state parameter to objects/who/index.htm or (2) User email address to quarantine/spam/manage.htm.

References (3)

[Patch, Vendor Advisory] http://proxmox.com/news/archive/view/listid-1-proxmox-newsletter/mailid-48-proxmox-newsletter-march-2014-proxmox-ve-3-2-released/tmpl-component

[Exploit] http://seclists.org/fulldisclosure/2014/Mar/110

[Exploit] http://www.securityfocus.com/bid/66169

Scores

EPSS 0.0030

EPSS Percentile 52.8%

Details

CWE

CWE-79

Status published

Products (6)

proxmox/mail_gateway < 3.1-5741

proxmox/mail_gateway

n/a/n/a

Published Mar 14, 2014

Tracked Since Feb 18, 2026