CVE-2022-37244
Severity Score
5.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. after login leads to inject malicious tag leads to IFRAME injection.
MDaemon Technologies SecurityGateway for Email Servers versión 8.5.2, es vulnerable a la inyección de IFRAME a través del parámetro currentRequest. después del inicio de sesión lleva a inyectar la etiqueta maliciosa lleva a la inyección de IFRAME.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-08-01 CVE Reserved
- 2022-08-25 CVE Published
- 2024-03-17 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://gtn.com.np/wp-content/uploads/2022/07/IFRAME-Injection-at-currentRequest-Parameter.pdf | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://files.mdaemon.com/securitygateway/release/relnotes_en.htm | 2022-08-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Altn Search vendor "Altn" | Security Gateway For Email Servers Search vendor "Altn" for product "Security Gateway For Email Servers" | 8.5.2 Search vendor "Altn" for product "Security Gateway For Email Servers" and version "8.5.2" | - |
Affected
| ||||||