CVE-2008-2831
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in the delegated spam management feature in the Spam Quarantine Management (SQM) component in MailMarshal SMTP 6.0.3.8 through 6.3.0.0 allow user-assisted remote authenticated users to inject arbitrary web script or HTML via (1) the list of blocked senders or (2) the list of safe senders.
Múltiples vulnerabilidades de secuencias de commandos en sitios cruzados (XSS) en la delegación de la gestión de spam en función del componente Spam Quarantine Management (SQM) en MailMarshal SMTP v6.0.3.8 hasta v6.3.0.0 permite a usuarios remotos autenticados asistidos por el usuario inyectar web script o HTML de su elección a través de (1) la lista de remitentes bloqueados o (2) la lista de remitentes seguros.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2008-06-23 CVE Reserved
- 2008-10-02 CVE Published
- 2024-08-07 CVE Updated
- 2024-11-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.dcsl.ul.ie/marshal.htm | X_refsource_misc | |
| http://www.securityfocus.com/bid/31483 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45509 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/45511 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/32062 | 2017-08-08 | |
| http://www.marshal.com/kb/article.aspx?id=12175 | 2017-08-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mailmarshal Search vendor "Mailmarshal" | E10000 Appliance Search vendor "Mailmarshal" for product "E10000 Appliance" | * | - |
Affected
| ||||||
| Mailmarshal Search vendor "Mailmarshal" | Smtp Search vendor "Mailmarshal" for product "Smtp" | * | - |
Affected
| ||||||
| Mailmarshal Search vendor "Mailmarshal" | Smtp Search vendor "Mailmarshal" for product "Smtp" | <= 6.3.0.0 Search vendor "Mailmarshal" for product "Smtp" and version " <= 6.3.0.0" | - |
Affected
| ||||||
| Mailmarshal Search vendor "Mailmarshal" | Smtp Search vendor "Mailmarshal" for product "Smtp" | 6.0.3.8 Search vendor "Mailmarshal" for product "Smtp" and version "6.0.3.8" | - |
Affected
| ||||||