CVE-2021-43462
https://notcve.org/view.php?id=CVE-2021-43462
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username parameter. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en Rumble Mail Server versión 0.51.3135, por medio del parámetro username • https://www.exploit-db.com/exploits/49255 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-43461
https://notcve.org/view.php?id=CVE-2021-43461
Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername parameter. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en Rumble Mail Server versión 0.51.3135, por medio del parámetro servername • https://www.exploit-db.com/exploits/49253 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-43459
https://notcve.org/view.php?id=CVE-2021-43459
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en Rumble Mail Server versión 0.51.3135, por medio de los parámetros (1) domain y (2) path • https://www.exploit-db.com/exploits/49254 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-43456
https://notcve.org/view.php?id=CVE-2021-43456
An Unquoted Service Path vulnerablility exists in Rumble Mail Server 0.51.3135 via via a specially crafted file in the RumbleService executable service path. Se presenta una vulnerabilidad de ruta de servicio no citada en Rumble Mail Server versión 0.51.3135, por medio de un archivo especialmente diseñado en la ruta de servicio del ejecutable RumbleService • https://exchange.xforce.ibmcloud.com/vulnerabilities/192729 https://github.com/M507/Miner https://www.exploit-db.com/exploits/49203 • CWE-428: Unquoted Search Path or Element •