Description
Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section.
Exploits (1)
References (5)
Core 5
Core References
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Jun/19
Exploit x_refsource_misc
http://packetstormsecurity.com/files/126948/IPSwitch-IMail-12.4-Cross-Site-Scripting.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/67830
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030335
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/33633
Scores
EPSS
0.0031
EPSS Percentile
54.2%
Details
CWE
CWE-79
Status
published
Products (2)
ipswitch/imail_server
12.3
ipswitch/imail_server
12.4
Published
Jun 05, 2014
Tracked Since
Feb 18, 2026