Skip to main content

Coremail Xt

4 CVEs product

Monthly

CVE-2020-29133 MEDIUM This Month

jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Coremail Xt
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2018-14503 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Coremail Xt
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-9330 MEDIUM POC This Month

register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by the third form field to a URI under register/, a different vulnerability than CVE-2015-6942. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Coremail Xt
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2015-6942 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Coremail XT3.0 allows remote attackers to inject arbitrary web script or HTML via a hyperlink in a document attachment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Coremail Xt
NVD
CVSS 3.0
6.1
EPSS
0.2%
EPSS 1% CVSS 6.1
MEDIUM This Month

jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Coremail Xt
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Coremail Xt
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by the third form field to a URI under register/, a different vulnerability than CVE-2015-6942. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Coremail Xt
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Coremail XT3.0 allows remote attackers to inject arbitrary web script or HTML via a hyperlink in a document attachment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Coremail Xt
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy