CVE-2015-3141

Synametrics Technologies Xeams <4.5 Build 5755 - CSRF

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-3141. PoCs published by Marlow Tannhauser.

AI-analyzed exploit summary This exploit demonstrates CSRF and stored XSS vulnerabilities in Xeams 4.5 Build 5755. It includes PoC HTML snippets that trigger CSRF attacks to create new SMTP domains or users, combined with XSS payloads.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that create an (1) SMTP domain or a (2) user via a request to /FrontController; or conduct cross-site scripting (XSS) attacks via the (3) domainname parameter to /FrontController, when creating a new SMTP domain configuration; the (4) txtRecipient parameter to /FrontController, when creating a new forwarder; the (5) popFetchServer, (6) popFetchUser, or (7) popFetchRecipient parameter to /FrontController, when creating a new POP3 Fetcher account; or the (8) Smtp HELO domain in the Advanced Server Configuration.

Exploits (1)

exploitdb WORKING POC

by Marlow Tannhauser · textwebappsphp

https://www.exploit-db.com/exploits/36949

View Code ZIP pw:eip

This exploit demonstrates CSRF and stored XSS vulnerabilities in Xeams 4.5 Build 5755. It includes PoC HTML snippets that trigger CSRF attacks to create new SMTP domains or users, combined with XSS payloads.

Classification

Working Poc 100%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Xeams 4.5 Build 5755

No auth needed

Prerequisites: Victim must visit a malicious webpage or click a crafted link

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/show/osvdb/121847

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/74578

Exploit exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/36949/

Exploit x_refsource_misc

http://packetstormsecurity.com/files/131844/Xeams-4.5-Build-5755-CSRF-Cross-Site-Scripting.html

Scores

EPSS 0.0200

EPSS Percentile 78.3%

Details

CWE

CWE-352

Status published

Products (1)

synametrics/xeams < 4.5

Published May 20, 2015

Tracked Since Feb 18, 2026