CVE-2017-17752

Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4.
References
Link Resource
https://www.exploit-db.com/exploits/43378/ Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:codecrafters:ability_mail_server:3.3.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-12-20 16:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-17752

Mitre link : CVE-2017-17752

CVE.ORG link : CVE-2017-17752


JSON object : View

Products Affected

codecrafters

  • ability_mail_server
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')