CVE-2012-2586

mailtraq 2.17.3.3150 - Persistent Cross-Site Scripting

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq 2.17.3.3150 allow remote attackers to inject arbitrary web script or HTML via an e-mail message subject with (1) a JavaScript alert function used in conjunction with the fromCharCode method or (2) a SCRIPT element; an e-mail message body with (3) a crafted SRC attribute of an IFRAME element, (4) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (5) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an IMG element; or an e-mail message Date header with (6) a JavaScript alert function used in conjunction with the fromCharCode method, (7) a SCRIPT element, (8) a CSS expression property in the STYLE attribute of an arbitrary element, (9) a crafted SRC attribute of an IFRAME element, or (10) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.

Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Mailtraq v2.17.3.3150, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del asunto en un mensaje de correo electrónico con:(1) uso de la función Alert de JavaScrip junto al método fromCharCode o (2) un elemento SCRIPT; un cuerpo de e.mail con (3) un atributo SRC manipulado en un elemento IFRAME, (4) un dato: URL en el atributo CONTENT de un elemento HTTP-EQUIV="refresh" META, o (5) una propiedad expression en una hoja CSS (Cascading Style Sheets) en el atributo STYLE de una elemento IMG; o una cabecera Date en un mensaje de correo electrónico con (6) una función alert de JavaScriptjunto al método fromCharCode, (7) un elemento SCRIPT, (8) una propiedad expression de CSS en el atributo STYLE de un elemento arbitrario, (9) un atributo SRC modificado en una elemento IFRAME, o (10) una dato URL en el atributo CONTENT de un elemento TTP-EQUIV="refresh" META.

MailTraq version 2.17.3.3150 suffers from a stored cross site scripting vulnerability.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-05-09 CVE Reserved
2012-08-08 CVE Published
2012-08-08 First Exploit
2024-09-16 CVE Updated
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC
https://www.exploit-db.com/exploits/20353	2012-08-08
http://www.exploit-db.com/exploits/20353	2024-09-16

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mailtraq Search vendor "Mailtraq"		Mailtraq Search vendor "Mailtraq" for product "Mailtraq"				2.17.3.3150 Search vendor "Mailtraq" for product "Mailtraq" and version "2.17.3.3150"		-		Affected