CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37238
https://notcve.org/view.php?id=CVE-2022-37238
25 Aug 2022 — MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter. MDaemon Technologies SecurityGateway for Email Servers versión 8.5.2, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) por medio del parámetro currentRequest. • https://files.mdaemon.com/securitygateway/release/relnotes_en.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37239
https://notcve.org/view.php?id=CVE-2022-37239
25 Aug 2022 — MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint. MDaemon Technologies SecurityGateway for Email Servers versión 8.5.2, es vulnerable aun ataque de tipo Cross Site Scripting (XSS) por medio del endpoint rulles_list_ajax. • https://files.mdaemon.com/securitygateway/release/relnotes_en.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37240
https://notcve.org/view.php?id=CVE-2022-37240
25 Aug 2022 — MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter. MDaemon Technologies SecurityGateway for Email Servers versión 8.5.2, es vulnerable a una división de respuestas HTTP por medio del parámetro format. • https://files.mdaemon.com/securitygateway/release/relnotes_en.htm • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37241
https://notcve.org/view.php?id=CVE-2022-37241
25 Aug 2022 — MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint. MDaemon Technologies SecurityGateway for Email Servers versión 8.5.2, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) por medio del endpoint data_leak_list_ajax. • https://files.mdaemon.com/securitygateway/release/relnotes_en.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37242
https://notcve.org/view.php?id=CVE-2022-37242
25 Aug 2022 — MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter. MDaemon Technologies SecurityGateway for Email Servers 8.5.2, es vulnerable a la división de la respuesta HTTP por medio del parámetro data. • https://files.mdaemon.com/securitygateway/release/relnotes_en.htm • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37243
https://notcve.org/view.php?id=CVE-2022-37243
25 Aug 2022 — MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint. MDaemon Technologies SecurityGateway for Email Servers versión 8.5.2, es vulnerable a Cross Site Scripting (XSS) por medio del punto final de la lista blanca. • https://files.mdaemon.com/securitygateway/release/relnotes_en.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37244
https://notcve.org/view.php?id=CVE-2022-37244
25 Aug 2022 — MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. after login leads to inject malicious tag leads to IFRAME injection. MDaemon Technologies SecurityGateway for Email Servers versión 8.5.2, es vulnerable a la inyección de IFRAME a través del parámetro currentRequest. después del inicio de sesión lleva a inyectar la etiqueta maliciosa lleva a la inyección de IFRAME. • https://files.mdaemon.com/securitygateway/release/relnotes_en.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37245
https://notcve.org/view.php?id=CVE-2022-37245
25 Aug 2022 — MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint. MDaemon Technologies SecurityGateway for Email Servers versión 8.5.2, es vulnerable a Cross Site Scripting (XSS) por medio del punto final Blacklist. • https://files.mdaemon.com/securitygateway/release/relnotes_en.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29976
https://notcve.org/view.php?id=CVE-2022-29976
11 May 2022 — An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0 . Se ha detectado una vulnerabilidad de tipo Cross-site scripting Reflejado y Autenticado en el parámetro BCC en MDaemon versiones anteriores a 22.0.0 • https://github.com/haxpunk1337/MDaemon-/blob/main/MDaemon%20XSS%20at%20BCC%20endpoint • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29975
https://notcve.org/view.php?id=CVE-2022-29975
11 May 2022 — An Authenticated Reflected Cross-site scripting at CC Parameter was discovered in MDaemon before 22.0.0 . Se ha detectado una vulnerabilidad de tipo Cross-site scriptin Reflejado y Autenticado en el parámetro CC en MDaemon versiones anteriores a 22.0.0 • https://github.com/haxpunk1337/MDaemon-/blob/main/MDaemon%20XSS%20at%20CC%20endpoint • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •