Codecrafters Ability Mail Server vulnerabilities
2 known vulnerabilities affecting codecrafters/ability_mail_server.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown
MEDIUM: 2
Vulnerabilities
CVE-2017-17752 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | PoC | v3.3.2 | 2017-12-20
Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4.
nvd
CVE-2019-9557 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v4.2.6 | 2019-03-12
Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the e-mail body. To exploit the vulnerability, the victim must open an email with malicious JavaScript inserted into the body of the email as an iframe.
nvd