CVE-2015-9057
Last modified
CVE-2015-9057 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, related to /users/index.htm, /quarantine/spam/manage.htm, /quarantine/spam/whitelist.htm, /queues/mail/index/, /system/ssh.htm, /queues/mail/?domain=, and /quarantine/virus/manage.htm.. EPSS estimates a 0.77% chance of exploitation in the next 30 days.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, related to /users/index.htm, /quarantine/spam/manage.htm, /quarantine/spam/whitelist.htm, /queues/mail/index/, /system/ssh.htm, /queues/mail/?domain=, and /quarantine/virus/manage.htm.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Proxmox | Proxmox Mail Gateway | <= 4.0-4\/b38fc5d9 |
References
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-024/?fid=7431Exploit, Third Party Advisory
- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-024/?fid=7431Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-9057?
How severe is CVE-2015-9057?
How do I fix CVE-2015-9057?
Are you affected by CVE-2015-9057?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST