Search criteria
16 vulnerabilities found for security_gateway_for_email_servers by altn
CVE-2022-37238 (GCVE-0-2022-37238)
Vulnerability from nvd – Published: 2022-08-25 15:01 – Updated: 2024-08-03 10:29
VLAI
Summary
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gtn.com.np/wp-content/uploads/2022/07/Aut… | x_refsource_MISC |
| https://files.mdaemon.com/securitygateway/release… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:20.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Authenticated-Reflected-Cross-Site-Scripting-XSS-at-currentRequest-Parameter.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T15:01:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Authenticated-Reflected-Cross-Site-Scripting-XSS-at-currentRequest-Parameter.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gtn.com.np/wp-content/uploads/2022/07/Authenticated-Reflected-Cross-Site-Scripting-XSS-at-currentRequest-Parameter.pdf",
"refsource": "MISC",
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Authenticated-Reflected-Cross-Site-Scripting-XSS-at-currentRequest-Parameter.pdf"
},
{
"name": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm",
"refsource": "MISC",
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37238",
"datePublished": "2022-08-25T15:01:12.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:29:20.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37245 (GCVE-0-2022-37245)
Vulnerability from nvd – Published: 2022-08-25 14:13 – Updated: 2024-08-03 10:29
VLAI
Summary
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://files.mdaemon.com/securitygateway/release… | x_refsource_MISC |
| https://gtn.com.np/wp-content/uploads/2022/07/Sto… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:20.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-Blacklist-endpoint.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:13:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-Blacklist-endpoint.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm",
"refsource": "MISC",
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"name": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-Blacklist-endpoint.pdf",
"refsource": "MISC",
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-Blacklist-endpoint.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37245",
"datePublished": "2022-08-25T14:13:53.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:29:20.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37244 (GCVE-0-2022-37244)
Vulnerability from nvd – Published: 2022-08-25 14:41 – Updated: 2024-08-03 10:29
VLAI
Summary
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. after login leads to inject malicious tag leads to IFRAME injection.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://files.mdaemon.com/securitygateway/release… | x_refsource_MISC |
| https://gtn.com.np/wp-content/uploads/2022/07/IFR… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:19.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/IFRAME-Injection-at-currentRequest-Parameter.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. after login leads to inject malicious tag leads to IFRAME injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:41:42.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/IFRAME-Injection-at-currentRequest-Parameter.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. after login leads to inject malicious tag leads to IFRAME injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm",
"refsource": "MISC",
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"name": "https://gtn.com.np/wp-content/uploads/2022/07/IFRAME-Injection-at-currentRequest-Parameter.pdf",
"refsource": "MISC",
"url": "https://gtn.com.np/wp-content/uploads/2022/07/IFRAME-Injection-at-currentRequest-Parameter.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37244",
"datePublished": "2022-08-25T14:41:42.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:29:19.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37243 (GCVE-0-2022-37243)
Vulnerability from nvd – Published: 2022-08-25 14:43 – Updated: 2024-08-03 10:29
VLAI
Summary
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://files.mdaemon.com/securitygateway/release… | x_refsource_MISC |
| https://gtn.com.np/wp-content/uploads/2022/07/Sto… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:19.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-whitelist-endpoint.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:43:36.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-whitelist-endpoint.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm",
"refsource": "MISC",
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"name": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-whitelist-endpoint.pdf",
"refsource": "MISC",
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-whitelist-endpoint.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37243",
"datePublished": "2022-08-25T14:43:36.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:29:19.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37242 (GCVE-0-2022-37242)
Vulnerability from nvd – Published: 2022-08-25 14:53 – Updated: 2024-08-03 10:29
VLAI
Summary
MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://files.mdaemon.com/securitygateway/release… | x_refsource_MISC |
| https://gtn.com.np/wp-content/uploads/2022/07/HTT… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:20.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/HTTP-Response-splitting-through-DATA-parameter.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:53:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/HTTP-Response-splitting-through-DATA-parameter.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm",
"refsource": "MISC",
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"name": "https://gtn.com.np/wp-content/uploads/2022/07/HTTP-Response-splitting-through-DATA-parameter.pdf",
"refsource": "MISC",
"url": "https://gtn.com.np/wp-content/uploads/2022/07/HTTP-Response-splitting-through-DATA-parameter.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37242",
"datePublished": "2022-08-25T14:53:07.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:29:20.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37241 (GCVE-0-2022-37241)
Vulnerability from nvd – Published: 2022-08-25 14:54 – Updated: 2024-08-03 10:29
VLAI
Summary
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://files.mdaemon.com/securitygateway/release… | x_refsource_MISC |
| https://gtn.com.np/wp-content/uploads/2022/07/Sto… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:19.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-data_leak_list_ajax-endpoint.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:54:47.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-data_leak_list_ajax-endpoint.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm",
"refsource": "MISC",
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"name": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-data_leak_list_ajax-endpoint.pdf",
"refsource": "MISC",
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-data_leak_list_ajax-endpoint.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37241",
"datePublished": "2022-08-25T14:54:47.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:29:19.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37240 (GCVE-0-2022-37240)
Vulnerability from nvd – Published: 2022-08-25 14:56 – Updated: 2024-08-03 10:29
VLAI
Summary
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://files.mdaemon.com/securitygateway/release… | x_refsource_MISC |
| https://gtn.com.np/wp-content/uploads/2022/07/HTT… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:19.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/HTTP-Response-splitting-through-format-parameter.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:56:25.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/HTTP-Response-splitting-through-format-parameter.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm",
"refsource": "MISC",
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"name": "https://gtn.com.np/wp-content/uploads/2022/07/HTTP-Response-splitting-through-format-parameter.pdf",
"refsource": "MISC",
"url": "https://gtn.com.np/wp-content/uploads/2022/07/HTTP-Response-splitting-through-format-parameter.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37240",
"datePublished": "2022-08-25T14:56:25.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:29:19.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37239 (GCVE-0-2022-37239)
Vulnerability from nvd – Published: 2022-08-25 14:59 – Updated: 2024-08-03 10:29
VLAI
Summary
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://files.mdaemon.com/securitygateway/release… | x_refsource_MISC |
| https://gtn.com.np/wp-content/uploads/2022/07/Sto… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:19.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:59:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm",
"refsource": "MISC",
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"name": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS.pdf",
"refsource": "MISC",
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37239",
"datePublished": "2022-08-25T14:59:13.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:29:19.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37238 (GCVE-0-2022-37238)
Vulnerability from cvelistv5 – Published: 2022-08-25 15:01 – Updated: 2024-08-03 10:29
VLAI
Summary
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://gtn.com.np/wp-content/uploads/2022/07/Aut… | x_refsource_MISC |
| https://files.mdaemon.com/securitygateway/release… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:20.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Authenticated-Reflected-Cross-Site-Scripting-XSS-at-currentRequest-Parameter.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T15:01:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Authenticated-Reflected-Cross-Site-Scripting-XSS-at-currentRequest-Parameter.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gtn.com.np/wp-content/uploads/2022/07/Authenticated-Reflected-Cross-Site-Scripting-XSS-at-currentRequest-Parameter.pdf",
"refsource": "MISC",
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Authenticated-Reflected-Cross-Site-Scripting-XSS-at-currentRequest-Parameter.pdf"
},
{
"name": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm",
"refsource": "MISC",
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37238",
"datePublished": "2022-08-25T15:01:12.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:29:20.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37239 (GCVE-0-2022-37239)
Vulnerability from cvelistv5 – Published: 2022-08-25 14:59 – Updated: 2024-08-03 10:29
VLAI
Summary
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://files.mdaemon.com/securitygateway/release… | x_refsource_MISC |
| https://gtn.com.np/wp-content/uploads/2022/07/Sto… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:19.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:59:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm",
"refsource": "MISC",
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"name": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS.pdf",
"refsource": "MISC",
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37239",
"datePublished": "2022-08-25T14:59:13.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:29:19.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37240 (GCVE-0-2022-37240)
Vulnerability from cvelistv5 – Published: 2022-08-25 14:56 – Updated: 2024-08-03 10:29
VLAI
Summary
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://files.mdaemon.com/securitygateway/release… | x_refsource_MISC |
| https://gtn.com.np/wp-content/uploads/2022/07/HTT… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:19.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/HTTP-Response-splitting-through-format-parameter.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:56:25.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/HTTP-Response-splitting-through-format-parameter.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm",
"refsource": "MISC",
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"name": "https://gtn.com.np/wp-content/uploads/2022/07/HTTP-Response-splitting-through-format-parameter.pdf",
"refsource": "MISC",
"url": "https://gtn.com.np/wp-content/uploads/2022/07/HTTP-Response-splitting-through-format-parameter.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37240",
"datePublished": "2022-08-25T14:56:25.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:29:19.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37241 (GCVE-0-2022-37241)
Vulnerability from cvelistv5 – Published: 2022-08-25 14:54 – Updated: 2024-08-03 10:29
VLAI
Summary
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://files.mdaemon.com/securitygateway/release… | x_refsource_MISC |
| https://gtn.com.np/wp-content/uploads/2022/07/Sto… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:19.469Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-data_leak_list_ajax-endpoint.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:54:47.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-data_leak_list_ajax-endpoint.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm",
"refsource": "MISC",
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"name": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-data_leak_list_ajax-endpoint.pdf",
"refsource": "MISC",
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-data_leak_list_ajax-endpoint.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37241",
"datePublished": "2022-08-25T14:54:47.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:29:19.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37242 (GCVE-0-2022-37242)
Vulnerability from cvelistv5 – Published: 2022-08-25 14:53 – Updated: 2024-08-03 10:29
VLAI
Summary
MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://files.mdaemon.com/securitygateway/release… | x_refsource_MISC |
| https://gtn.com.np/wp-content/uploads/2022/07/HTT… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:20.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/HTTP-Response-splitting-through-DATA-parameter.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:53:07.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/HTTP-Response-splitting-through-DATA-parameter.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm",
"refsource": "MISC",
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"name": "https://gtn.com.np/wp-content/uploads/2022/07/HTTP-Response-splitting-through-DATA-parameter.pdf",
"refsource": "MISC",
"url": "https://gtn.com.np/wp-content/uploads/2022/07/HTTP-Response-splitting-through-DATA-parameter.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37242",
"datePublished": "2022-08-25T14:53:07.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:29:20.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37243 (GCVE-0-2022-37243)
Vulnerability from cvelistv5 – Published: 2022-08-25 14:43 – Updated: 2024-08-03 10:29
VLAI
Summary
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://files.mdaemon.com/securitygateway/release… | x_refsource_MISC |
| https://gtn.com.np/wp-content/uploads/2022/07/Sto… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:19.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-whitelist-endpoint.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:43:36.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-whitelist-endpoint.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm",
"refsource": "MISC",
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"name": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-whitelist-endpoint.pdf",
"refsource": "MISC",
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-whitelist-endpoint.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37243",
"datePublished": "2022-08-25T14:43:36.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:29:19.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37244 (GCVE-0-2022-37244)
Vulnerability from cvelistv5 – Published: 2022-08-25 14:41 – Updated: 2024-08-03 10:29
VLAI
Summary
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. after login leads to inject malicious tag leads to IFRAME injection.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://files.mdaemon.com/securitygateway/release… | x_refsource_MISC |
| https://gtn.com.np/wp-content/uploads/2022/07/IFR… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:19.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/IFRAME-Injection-at-currentRequest-Parameter.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. after login leads to inject malicious tag leads to IFRAME injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:41:42.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/IFRAME-Injection-at-currentRequest-Parameter.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. after login leads to inject malicious tag leads to IFRAME injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm",
"refsource": "MISC",
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"name": "https://gtn.com.np/wp-content/uploads/2022/07/IFRAME-Injection-at-currentRequest-Parameter.pdf",
"refsource": "MISC",
"url": "https://gtn.com.np/wp-content/uploads/2022/07/IFRAME-Injection-at-currentRequest-Parameter.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37244",
"datePublished": "2022-08-25T14:41:42.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:29:19.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-37245 (GCVE-0-2022-37245)
Vulnerability from cvelistv5 – Published: 2022-08-25 14:13 – Updated: 2024-08-03 10:29
VLAI
Summary
MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://files.mdaemon.com/securitygateway/release… | x_refsource_MISC |
| https://gtn.com.np/wp-content/uploads/2022/07/Sto… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:20.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-Blacklist-endpoint.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-25T14:13:53.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-Blacklist-endpoint.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-37245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm",
"refsource": "MISC",
"url": "https://files.mdaemon.com/securitygateway/release/relnotes_en.htm"
},
{
"name": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-Blacklist-endpoint.pdf",
"refsource": "MISC",
"url": "https://gtn.com.np/wp-content/uploads/2022/07/Stored-Cross-Site-Scripting-XSS-at-Blacklist-endpoint.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-37245",
"datePublished": "2022-08-25T14:13:53.000Z",
"dateReserved": "2022-08-01T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:29:20.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}