CVE-2015-9057

MEDIUM

Proxmox Mail Gateway < 4.0-4\/b38fc5d9 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, related to /users/index.htm, /quarantine/spam/manage.htm, /quarantine/spam/whitelist.htm, /queues/mail/index/, /system/ssh.htm, /queues/mail/?domain=, and /quarantine/virus/manage.htm.

References (1)

[Exploit, Third Party Advisory] https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-024/?fid=7431

Scores

CVSS v3 6.1

EPSS 0.0022

EPSS Percentile 44.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (2)

proxmox/proxmox_mail_gateway < 4.0-4\/b38fc5d9

n/a/n/a

Timeline

Published May 03, 2017

Tracked Since Feb 18, 2026