CVE-2024-47227

iRedAdmin before 2.6 allows XSS, e.g., via order_name.
Configurations

Configuration 1 (hide)

cpe:2.3:a:iredmail:iredadmin:*:*:*:*:open_source:*:*:*

History

27 Sep 2024, 16:37

Type Values Removed Values Added
CWE CWE-79
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CPE cpe:2.3:a:iredmail:iredadmin:*:*:*:*:open_source:*:*:*
First Time Iredmail
Iredmail iredadmin
References () https://docs.iredmail.org/upgrade.iredmail.1.6.8-1.7.0.html#upgrade-iredadmin-open-source-edition-to-the-latest-stable-release-26 - () https://docs.iredmail.org/upgrade.iredmail.1.6.8-1.7.0.html#upgrade-iredadmin-open-source-edition-to-the-latest-stable-release-26 - Release Notes, Vendor Advisory
References () https://github.com/iredmail/iRedAdmin/commit/3c72b438d412ea3ee0270f6956e19b1098c19191 - () https://github.com/iredmail/iRedAdmin/commit/3c72b438d412ea3ee0270f6956e19b1098c19191 - Patch
References () https://github.com/iredmail/iRedAdmin/commit/b537e71ecf522d7f10180f5f0aab4a98a881893a - () https://github.com/iredmail/iRedAdmin/commit/b537e71ecf522d7f10180f5f0aab4a98a881893a - Patch
References () https://github.com/iredmail/iRedAdmin/compare/2.5...2.6 - () https://github.com/iredmail/iRedAdmin/compare/2.5...2.6 - Issue Tracking, Product
References () https://www.iredmail.org - () https://www.iredmail.org - Product

26 Sep 2024, 13:32

Type Values Removed Values Added
Summary
  • (es) iRedAdmin anterior a 2.6 permite XSS, por ejemplo, a través de order_name.

23 Sep 2024, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-23 04:15

Updated : 2024-09-27 16:37


NVD link : CVE-2024-47227

Mitre link : CVE-2024-47227

CVE.ORG link : CVE-2024-47227


JSON object : View

Products Affected

iredmail

  • iredadmin
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')