CVE-2015-3141

NONECVSS 0.0

0.0

Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that create an (1) SMTP domain or a (2) user via a request to /FrontController; or conduct cross-site scripting (XSS) attacks via the (3) domainname parameter to /FrontController, when creating a new SMTP domain configuration; the (4) txtRecipient parameter to /FrontController, when creating a new forwarder; the (5) popFetchServer, (6) popFetchUser, or (7) popFetchRecipient parameter to /FrontController, when creating a new POP3 Fetcher account; or the (8) Smtp HELO domain in the Advanced Server Configuration.

🔗 References (8)

cve@mitrehttp://osvdb.org/show/osvdb/121847
cve@mitrehttp://packetstormsecurity.com/files/131844/Xeams-4.5-Build-5755-CSRF-Cross-Site-Scripting.html
cve@mitrehttp://www.securityfocus.com/bid/74578
cve@mitrehttps://www.exploit-db.com/exploits/36949/
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/show/osvdb/121847
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/131844/Xeams-4.5-Build-5755-CSRF-Cross-Site-Scripting.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/74578
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/36949/

Is Your Infrastructure Affected by CVE-2015-3141?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2015-3141

📅 Published

🔄 Last Modified

🔗 References (8)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2015-3141?