CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2012-2587 – afterlogic mailsuite pro (VMware Appliance) 6.3 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2587
Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic MailSuite Pro 6.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted SRC attribute of (1) an IFRAME element or (2) a SCRIPT element. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en AfterLogic MailSuite Pro v6.3 que permite a atacantes remotos inyectar código web o html a través del cuerpo de un mensaje de correo electrónico con un atributo SRC manipulado por (1) un elemento IFRAME o (2) un elemento SCRIPT. AfterLogic Mailsuite Pro (VMware Appliance) version 6.3 suffers from a stored cross site scripting vulnerability. • https://www.exploit-db.com/exploits/20352 http://www.exploit-db.com/exploits/20352 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •