CVE-2023-39223
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Stored cross-site scripting vulnerability exists in CGIs included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| A.K.I Software | pmc.exe | 2.5.1.720 and earlier | affected |
| A.K.I Software | pmam.exe | 2.5.1.1411 and earlier | affected |
| A.K.I Software | pmum.exe (Standard edition) | 2.5.1.25451 and earlier | affected |
| A.K.I Software | pmum.exe (Pro edition) | 2.5.1.25452 and earlier | affected |
| A.K.I Software | pmum.exe (Standard + IMAP4 edition) | 2.5.1.25453 and earlier | affected |
| A.K.I Software | pmum.exe (Pro + IMAP4 edition / Enterprise edition) | 2.5.1.25454 and earlier | affected |
Weaknesses
- Cross-site scripting (XSS)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.