iRedAdmin before 2.6 allows XSS, e.g., via order_name.
References
Configurations
History
27 Sep 2024, 16:37
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CPE | cpe:2.3:a:iredmail:iredadmin:*:*:*:*:open_source:*:*:* | |
First Time |
Iredmail
Iredmail iredadmin |
|
References | () https://docs.iredmail.org/upgrade.iredmail.1.6.8-1.7.0.html#upgrade-iredadmin-open-source-edition-to-the-latest-stable-release-26 - Release Notes, Vendor Advisory | |
References | () https://github.com/iredmail/iRedAdmin/commit/3c72b438d412ea3ee0270f6956e19b1098c19191 - Patch | |
References | () https://github.com/iredmail/iRedAdmin/commit/b537e71ecf522d7f10180f5f0aab4a98a881893a - Patch | |
References | () https://github.com/iredmail/iRedAdmin/compare/2.5...2.6 - Issue Tracking, Product | |
References | () https://www.iredmail.org - Product |
26 Sep 2024, 13:32
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
23 Sep 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-23 04:15
Updated : 2024-09-27 16:37
NVD link : CVE-2024-47227
Mitre link : CVE-2024-47227
CVE.ORG link : CVE-2024-47227
JSON object : View
Products Affected
iredmail
- iredadmin
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')