CVE-2011-5149
Published 2012-08-31
Priority P4 · 21 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.88% (76.9th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to setup-relay.php; or (6) subnetmask or (7) defaultroute parameter to setup-network.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| spamtitan | spamtitan | <= 5.07 | — |
| spamtitan | spamtitan | <= 5.08 | — |
GHSA
GHSA-8c58-cj6j-7593: Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5
ghsa_unreviewed·2022-05-17
CVE-2011-5149 [MEDIUM] CWE-79 GHSA-8c58-cj6j-7593: Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to setup-relay.php; or (6) subnetmask or (7) defaultroute parameter to setup-network.php.
GHSA
GHSA-rpg6-68hp-8vpv: Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5
ghsa_unreviewed·2022-05-17·CVSS 4.3
CVE-2011-5150 [MEDIUM] CWE-79 GHSA-rpg6-68hp-8vpv: Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than CVE-2011-5149. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
No detection rules found.
No writeups or analysis indexed.
References
http://osvdb.org/77987
http://osvdb.org/77988
http://osvdb.org/77989
http://secunia.com/advisories/47309
http://www.exploit-db.com/exploits/18261
http://www.vulnerability-lab.com/get_content.php?id=91
https://exchange.xforce.ibmcloud.com/vulnerabilities/71942