Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities found for ability_mail_server by codecrafters
FKIE_CVE-2019-9557
Vulnerability from fkie_nvd - Published: 2019-03-12 19:29 - Updated: 2024-11-21 04:51
Severity ?
Summary
Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://packetstormsecurity.com/files/151958/Ability-Mail-Server-4.2.6-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/151958/Ability-Mail-Server-4.2.6-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codecrafters | ability_mail_server | 4.2.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codecrafters:ability_mail_server:4.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "29DD93DE-283E-49F6-9B88-FD5BAE5534AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe."
},
{
"lang": "es",
"value": "Ability Mail Server, en su versi\u00f3n 4.2.6, tiene Cross-Site Scripting (XSS) persistente mediante el cuerpo del correo electr\u00f3nico. Para explotar la vulnerabilidad, la v\u00edctima deber\u00e1 abrir un correo electr\u00f3nico con JavaScript malicioso que se inserta en el cuerpo del correo electr\u00f3nico como un iframe."
}
],
"id": "CVE-2019-9557",
"lastModified": "2024-11-21T04:51:51.347",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-03-12T19:29:00.240",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/151958/Ability-Mail-Server-4.2.6-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://packetstormsecurity.com/files/151958/Ability-Mail-Server-4.2.6-Cross-Site-Scripting.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-17752
Vulnerability from fkie_nvd - Published: 2017-12-20 16:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.exploit-db.com/exploits/43378/ | Exploit, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/43378/ | Exploit, Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| codecrafters | ability_mail_server | 3.3.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:codecrafters:ability_mail_server:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2D313B55-4F69-4601-BB99-675FB95D28B7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4."
},
{
"lang": "es",
"value": "Ability Mail Server 3.3.2 tiene una vulnerabilidad Cross Site Scripting (XSS) a trav\u00e9s del cuerpo de un mensaje de correo electr\u00f3nico, con c\u00f3digo JavaScript que se ejecuta en la pantalla Read Mail (tambi\u00e9n conocida como /_readmail URI). Esto se ha corregido en la versi\u00f3n 4.2.4."
}
],
"id": "CVE-2017-17752",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-12-20T16:29:00.273",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43378/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43378/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2019-9557 (GCVE-0-2019-9557)
Vulnerability from cvelistv5 – Published: 2019-03-12 19:00 – Updated: 2024-08-04 21:54
VLAI?
Summary
Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2019-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/151958/Ability-Mail-Server-4.2.6-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-12T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/151958/Ability-Mail-Server-4.2.6-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/151958/Ability-Mail-Server-4.2.6-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/151958/Ability-Mail-Server-4.2.6-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9557",
"datePublished": "2019-03-12T19:00:00.000Z",
"dateReserved": "2019-03-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:44.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17752 (GCVE-0-2017-17752)
Vulnerability from cvelistv5 – Published: 2017-12-20 16:00 – Updated: 2024-08-05 20:59
VLAI?
Summary
Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2017-12-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:59:17.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43378",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43378/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-20T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43378",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43378/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43378",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43378/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17752",
"datePublished": "2017-12-20T16:00:00.000Z",
"dateReserved": "2017-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:59:17.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9557 (GCVE-0-2019-9557)
Vulnerability from nvd – Published: 2019-03-12 19:00 – Updated: 2024-08-04 21:54
VLAI?
Summary
Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2019-03-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:54:44.479Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://packetstormsecurity.com/files/151958/Ability-Mail-Server-4.2.6-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-03-12T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://packetstormsecurity.com/files/151958/Ability-Mail-Server-4.2.6-Cross-Site-Scripting.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/151958/Ability-Mail-Server-4.2.6-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/151958/Ability-Mail-Server-4.2.6-Cross-Site-Scripting.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9557",
"datePublished": "2019-03-12T19:00:00.000Z",
"dateReserved": "2019-03-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T21:54:44.479Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-17752 (GCVE-0-2017-17752)
Vulnerability from nvd – Published: 2017-12-20 16:00 – Updated: 2024-08-05 20:59
VLAI?
Summary
Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Date Public ?
2017-12-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:59:17.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43378",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43378/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-20T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43378",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43378/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43378",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43378/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-17752",
"datePublished": "2017-12-20T16:00:00.000Z",
"dateReserved": "2017-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T20:59:17.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}