VAR-201009-0012
Vulnerability from variot - Updated: 2025-04-11 23:19Multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via (1) the date1 parameter to pvm_messagestore.php, (2) the userfilter parameter to pvm_user_management.php, (3) the ping parameter to sys_tools.php in a sys_ping.php action, (4) the action parameter to pvm_cert_commaction.php, (5) the action parameter to pvm_cert_serveraction.php, (6) the action parameter to pvm_smtpstore.php, (7) the l parameter to sla/index.php, or (8) unspecified stored data; and allow remote authenticated users to inject arbitrary web script or HTML via (9) saved search filters. (1) pvm_messagestore.php To date1 Parameters (2) pvm_user_management.php To userfilter Parameters (3) sys_ping.php action of sys_tools.php To ping Parameters (4) pvm_cert_commaction.php of action Parameters (5) pvm_cert_serveraction.php To action Parameters (6) pvm_smtpstore.php To action Parameters (7) sla/index.php To l Parameters (8) Stored data. The Local Management Interface is a set of enhancements to the basic Frame Relay specification. When exploited by an external/internal attacker, such identified vulnerabilities could lead to Session Hijack, Information Disclosure, force installation of malicious file or Trojan on users' PCs, etc.
A persistent XSS vulnerability can be exploited by an external unauthenticated attacker to inject malicious scripting code which is persistently stored. When the system is accessed by authorised users, such malicious code could be used to severely compromise the security of the appliance.
A persistent XSS vulnerability identified in saved search filters (Mail Security->Email Browser) allows an internal authenticated attacker to inject malicious scripting code.
Multiple reflected XSS vulnerabilities can be exploited by manipulating parameters of pvm_messagestore.php resource.
url_placeholder/pvm_messagestore.php?msgid=&sender=&rcpt=&subject=&meta=&mailsize=&folder=allfolders&date1=alert('xss')&date2=&s=mails&favname=
Reflected XSS vulnerabilities can be exploited by manipulating parameters of the following resources:
* userfilter parameter of pvm_user_management.php resource.
url_placeholder/pvm_smtpstore.php?id=frozen&action="><script>alert("XSS")</script>
* l parameter of /sla/index.php resource
url_placeholder/sla/index.php?l="><script>alert(document.cookie)</script>
Affected Versions
IBM Proventia Network Mail Security System - virtual appliance (firmware 1.6) IBM Proventia Network Mail Security System - virtual appliance (firmware 2.5)
Mitigation
Vendor recommends upgrading to PNMSS firmware 2.5.0.2 or later. Alternatively, please contact IBM for technical support.
Disclosure Timeline
2009, November 07: Vulnerabilities discovered and documented 2009, November 08: Notification sent to IBM 2009, November 09: IBM acknowledges receiving the report 2010, March: IBM releases PNMSS Firmware 2.5.0.2 correcting the reported issues 2010, September 12: MVSA-10-007 advisory published.
Credits
Dr. Marian Ventuneac http://ventuneac.net
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201009-0012",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "proventia network mail security system virtual appliance",
"scope": null,
"trust": 1.4,
"vendor": "ibm",
"version": null
},
{
"model": "proventia network mail security system virtual appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "1.6"
},
{
"model": "proventia network mail security system virtual appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "2.5"
},
{
"model": "proventia network mail security system virtual appliance",
"scope": "eq",
"trust": 1.0,
"vendor": "ibm",
"version": "*"
},
{
"model": "proventia network mail security system virtual appliance",
"scope": "lt",
"trust": 0.8,
"vendor": "ibm",
"version": "2.5.0.2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002928"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-112"
},
{
"db": "NVD",
"id": "CVE-2010-0152"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ibm:proventia_network_mail_security_system_virtual_appliance",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ibm:proventia_network_mail_security_system_virtual_appliance_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002928"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dr. Marian Ventuneac",
"sources": [
{
"db": "PACKETSTORM",
"id": "93799"
}
],
"trust": 0.1
},
"cve": "CVE-2010-0152",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2010-0152",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-42757",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-0152",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2010-0152",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201009-112",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-42757",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-42757"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002928"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-112"
},
{
"db": "NVD",
"id": "CVE-2010-0152"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via (1) the date1 parameter to pvm_messagestore.php, (2) the userfilter parameter to pvm_user_management.php, (3) the ping parameter to sys_tools.php in a sys_ping.php action, (4) the action parameter to pvm_cert_commaction.php, (5) the action parameter to pvm_cert_serveraction.php, (6) the action parameter to pvm_smtpstore.php, (7) the l parameter to sla/index.php, or (8) unspecified stored data; and allow remote authenticated users to inject arbitrary web script or HTML via (9) saved search filters. (1) pvm_messagestore.php To date1 Parameters (2) pvm_user_management.php To userfilter Parameters (3) sys_ping.php action of sys_tools.php To ping Parameters (4) pvm_cert_commaction.php of action Parameters (5) pvm_cert_serveraction.php To action Parameters (6) pvm_smtpstore.php To action Parameters (7) sla/index.php To l Parameters (8) Stored data. The Local Management Interface is a set of enhancements to the basic Frame Relay specification. When exploited by an external/internal attacker, such identified vulnerabilities could lead to Session Hijack, Information Disclosure, force installation of malicious file or Trojan on users\u0027 PCs, etc. \n\nA persistent XSS vulnerability can be exploited by an external unauthenticated attacker to inject malicious scripting code which is persistently stored. When the system is accessed by authorised users, such malicious code could be used to severely compromise the security of the appliance. \n\nA persistent XSS vulnerability identified in saved search filters (Mail Security-\u003eEmail Browser) allows an internal authenticated attacker to inject malicious scripting code. \n\nMultiple reflected XSS vulnerabilities can be exploited by manipulating parameters of pvm_messagestore.php resource. \n\nurl_placeholder/pvm_messagestore.php?msgid=\u0026sender=\u0026rcpt=\u0026subject=\u0026meta=\u0026mailsize=\u0026folder=allfolders\u0026date1=\u003cscript\u003ealert(\u0027xss\u0027)\u003c/script\u003e\u0026date2=\u0026s=mails\u0026favname=\n\nReflected XSS vulnerabilities can be exploited by manipulating parameters of the following resources:\n\n * userfilter parameter of pvm_user_management.php resource. \n\n\turl_placeholder/pvm_smtpstore.php?id=frozen\u0026action=\"\u003e\u003cscript\u003ealert(\"XSS\")\u003c/script\u003e\n\n * l parameter of /sla/index.php resource\n\n\turl_placeholder/sla/index.php?l=\"\u003e\u003cscript\u003ealert(document.cookie)\u003c/script\u003e\n\n\nAffected Versions\n\nIBM Proventia Network Mail Security System - virtual appliance (firmware 1.6)\nIBM Proventia Network Mail Security System - virtual appliance (firmware 2.5)\n\n\nMitigation\n \nVendor recommends upgrading to PNMSS firmware 2.5.0.2 or later. \nAlternatively, please contact IBM for technical support. \n \n\nDisclosure Timeline\n\n2009, November 07: Vulnerabilities discovered and documented\n2009, November 08: Notification sent to IBM\n2009, November 09: IBM acknowledges receiving the report\n2010, March: IBM releases PNMSS Firmware 2.5.0.2 correcting the reported issues\n2010, September 12: MVSA-10-007 advisory published. \n\n\nCredits\n\nDr. Marian Ventuneac\nhttp://ventuneac.net\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-0152"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002928"
},
{
"db": "VULHUB",
"id": "VHN-42757"
},
{
"db": "PACKETSTORM",
"id": "93799"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-42757",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-42757"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-0152",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002928",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201009-112",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20100912 MVSA-10-007 / CVE-2010-0152 - IBM PROVENTIA MAIL SECURITY SYSTEM - MULTIPLE PERSISTENT AND REFLECTED XSS VULNERABILITIES",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "93799",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-42757",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-42757"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002928"
},
{
"db": "PACKETSTORM",
"id": "93799"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-112"
},
{
"db": "NVD",
"id": "CVE-2010-0152"
}
]
},
"id": "VAR-201009-0012",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-42757"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T23:19:05.052000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Proventia Network Mail Security System",
"trust": 0.8,
"url": "http://www-935.ibm.com/services/us/en/it-services/proventia-network-mail-security-system.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002928"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-42757"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002928"
},
{
"db": "NVD",
"id": "CVE-2010-0152"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.ventuneac.net/security-advisories/mvsa-10-007"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/513629/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0152"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0152"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/513629/100/0/threaded"
},
{
"trust": 0.1,
"url": "http://ventuneac.net"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-0152"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-42757"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002928"
},
{
"db": "PACKETSTORM",
"id": "93799"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-112"
},
{
"db": "NVD",
"id": "CVE-2010-0152"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-42757"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-002928"
},
{
"db": "PACKETSTORM",
"id": "93799"
},
{
"db": "CNNVD",
"id": "CNNVD-201009-112"
},
{
"db": "NVD",
"id": "CVE-2010-0152"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-09-14T00:00:00",
"db": "VULHUB",
"id": "VHN-42757"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002928"
},
{
"date": "2010-09-14T01:03:00",
"db": "PACKETSTORM",
"id": "93799"
},
{
"date": "2010-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201009-112"
},
{
"date": "2010-09-14T17:00:01.337000",
"db": "NVD",
"id": "CVE-2010-0152"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-42757"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-002928"
},
{
"date": "2010-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201009-112"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2010-0152"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201009-112"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IBM PNMSS Appliance LMI Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-002928"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201009-112"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…