ID

VAR-201705-1376


CVE

CVE-2015-9057


TITLE

Proxmox Mail Gateway vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2015-007547

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, related to /users/index.htm, /quarantine/spam/manage.htm, /quarantine/spam/whitelist.htm, /queues/mail/index/, /system/ssh.htm, /queues/mail/?domain=, and /quarantine/virus/manage.htm. Proxmox Mail Gateway contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Proxmox Mail Gateway is an email gateway product of the Austrian company Proxmox Server Solutions. The product protects email from viruses, phishing and Trojans.

Trust: 1.71

sources: NVD: CVE-2015-9057 // JVNDB: JVNDB-2015-007547 // VULHUB: VHN-87018

AFFECTED PRODUCTS

vendor: proxmox
model: mail gateway
scope: lte
version: 4.0-4/b38fc5d9

Trust: 1.0

vendor: proxmox server
model: mail gateway
scope: lt
version: hotfix 4.0-8-097d26a9

Trust: 0.8

vendor: proxmox
model: mail gateway
scope: eq
version: 4.0-4/b38fc5d9

Trust: 0.6

sources: JVNDB: JVNDB-2015-007547 // CNNVD: CNNVD-201705-217 // NVD: CVE-2015-9057

CVSS

SEVERITY

nvd@nist.gov: CVE-2015-9057
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-9057
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201705-217
value: MEDIUM

Trust: 0.6

VULHUB: VHN-87018
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2015-9057
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-87018
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2015-9057
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-87018 // JVNDB: JVNDB-2015-007547 // CNNVD: CNNVD-201705-217 // NVD: CVE-2015-9057

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-87018 // JVNDB: JVNDB-2015-007547 // NVD: CVE-2015-9057

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201705-217

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201705-217

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007547

PATCH

title: Proxmox Mail Gateway
url: https://www.proxmox.com/en/proxmox-mail-gateway

Trust: 0.8

title: Proxmox Mail Gateway Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69845

Trust: 0.6

sources: JVNDB: JVNDB-2015-007547 // CNNVD: CNNVD-201705-217

EXTERNAL IDS

db: NVD
id: CVE-2015-9057

Trust: 2.5

db: JVNDB
id: JVNDB-2015-007547

Trust: 0.8

db: CNNVD
id: CNNVD-201705-217

Trust: 0.7

db: VULHUB
id: VHN-87018

Trust: 0.1

sources: VULHUB: VHN-87018 // JVNDB: JVNDB-2015-007547 // CNNVD: CNNVD-201705-217 // NVD: CVE-2015-9057

REFERENCES

url: https://www.trustwave.com/resources/security-advisories/advisories/twsl2015-024/?fid=7431

Trust: 2.5

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9057

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2015-9057

Trust: 0.8

sources: VULHUB: VHN-87018 // JVNDB: JVNDB-2015-007547 // CNNVD: CNNVD-201705-217 // NVD: CVE-2015-9057

SOURCES

db: VULHUB, id: VHN-87018
db: JVNDB, id: JVNDB-2015-007547
db: CNNVD, id: CNNVD-201705-217
db: NVD, id: CVE-2015-9057

LAST UPDATE DATE

2025-04-20T23:05:05.877000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-87018, date: 2017-05-12T00:00:00
db: JVNDB, id: JVNDB-2015-007547, date: 2017-06-05T00:00:00
db: CNNVD, id: CNNVD-201705-217, date: 2017-05-04T00:00:00
db: NVD, id: CVE-2015-9057, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-87018, date: 2017-05-03T00:00:00
db: JVNDB, id: JVNDB-2015-007547, date: 2017-06-05T00:00:00
db: CNNVD, id: CNNVD-201705-217, date: 2017-05-04T00:00:00
db: NVD, id: CVE-2015-9057, date: 2017-05-03T10:59:00.163