ID

VAR-202208-1840


CVE

CVE-2022-37244


TITLE

Cross-site scripting vulnerability in MDaemon Technologies security gateway for email servers

Trust: 0.8

sources: JVNDB: JVNDB-2022-015715

DESCRIPTION

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME injection via the currentRequest parameter. After login, injecting a malicious tag leads to IFRAME injection. A cross-site scripting vulnerability exists in MDaemon Technologies security gateway for email servers. Information may be obtained and information may be tampered with.

Trust: 1.71

sources: NVD: CVE-2022-37244 // JVNDB: JVNDB-2022-015715 // VULHUB: VHN-427847

AFFECTED PRODUCTS

vendor: altn, model: security gateway for email servers, scope: eq, version: 8.5.2

Trust: 1.0

vendor: mdaemon, model: security gateway for email servers, scope: eq, version: -

Trust: 0.8

vendor: mdaemon, model: security gateway for email servers, scope: eq, version: 8.5.2

Trust: 0.8

vendor: mdaemon, model: security gateway for email servers, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-015715 // NVD: CVE-2022-37244

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-37244
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-37244
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202208-3865
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2022-37244
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2022-37244
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2022-015715 // CNNVD: CNNVD-202208-3865 // NVD: CVE-2022-37244

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.1

problemtype: Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-427847 // JVNDB: JVNDB-2022-015715 // NVD: CVE-2022-37244

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202208-3865

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202208-3865

PATCH

title: Alt-N MDaemon Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206054

Trust: 0.6

sources: CNNVD: CNNVD-202208-3865

EXTERNAL IDS

db: NVD, id: CVE-2022-37244

Trust: 3.3

db: JVNDB, id: JVNDB-2022-015715

Trust: 0.8

db: CNNVD, id: CNNVD-202208-3865

Trust: 0.6

db: VULHUB, id: VHN-427847

Trust: 0.1

sources: VULHUB: VHN-427847 // JVNDB: JVNDB-2022-015715 // CNNVD: CNNVD-202208-3865 // NVD: CVE-2022-37244

REFERENCES

url:https://files.mdaemon.com/securitygateway/release/relnotes_en.htm

Trust: 2.5

url:https://gtn.com.np/wp-content/uploads/2022/07/iframe-injection-at-currentrequest-parameter.pdf

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2022-37244

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2022-37244/

Trust: 0.6

sources: VULHUB: VHN-427847 // JVNDB: JVNDB-2022-015715 // CNNVD: CNNVD-202208-3865 // NVD: CVE-2022-37244

SOURCES

db: VULHUB, id: VHN-427847
db: JVNDB, id: JVNDB-2022-015715
db: CNNVD, id: CNNVD-202208-3865
db: NVD, id: CVE-2022-37244

LAST UPDATE DATE

2024-08-14T15:06:13.387000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-427847, date: 2022-08-29T00:00:00
db: JVNDB, id: JVNDB-2022-015715, date: 2023-09-28T08:07:00
db: CNNVD, id: CNNVD-202208-3865, date: 2022-08-30T00:00:00
db: NVD, id: CVE-2022-37244, date: 2022-08-29T15:44:13.840

SOURCES RELEASE DATE

db: VULHUB, id: VHN-427847, date: 2022-08-25T00:00:00
db: JVNDB, id: JVNDB-2022-015715, date: 2023-09-28T00:00:00
db: CNNVD, id: CNNVD-202208-3865, date: 2022-08-25T00:00:00
db: NVD, id: CVE-2022-37244, date: 2022-08-25T15:15:10.040