CVE-2015-3141
published 2015-05-20CVE-2015-3141: Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the…
PriorityP433medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
2.00%
78.3th percentile
Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that create an (1) SMTP domain or a (2) user via a request to /FrontController; or conduct cross-site scripting (XSS) attacks via the (3) domainname parameter to /FrontController, when creating a new SMTP domain configuration; the (4) txtRecipient parameter to /FrontController, when creating a new forwarder; the (5) popFetchServer, (6) popFetchUser, or (7) popFetchRecipient parameter to /FrontController, when creating a new POP3 Fetcher account; or the (8) Smtp HELO domain in the Advanced Server Configuration.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| synametrics | xeams | <= 4.5 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/show/osvdb/121847http://packetstormsecurity.com/files/131844/Xeams-4.5-Build-5755-CSRF-Cross-Site-Scripting.htmlhttp://www.securityfocus.com/bid/74578https://www.exploit-db.com/exploits/36949/http://osvdb.org/show/osvdb/121847http://packetstormsecurity.com/files/131844/Xeams-4.5-Build-5755-CSRF-Cross-Site-Scripting.htmlhttp://www.securityfocus.com/bid/74578https://www.exploit-db.com/exploits/36949/
2015-05-20
Published