CVE-2023-39223

Summary

Stored cross-site scripting vulnerability exists in CGIs included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser.

Affected Software

VendorProductVersion RangeStatus
A.K.I Softwarepmc.exe2.5.1.720 and earlieraffected
A.K.I Softwarepmam.exe2.5.1.1411 and earlieraffected
A.K.I Softwarepmum.exe (Standard edition)2.5.1.25451 and earlieraffected
A.K.I Softwarepmum.exe (Pro edition)2.5.1.25452 and earlieraffected
A.K.I Softwarepmum.exe (Standard + IMAP4 edition)2.5.1.25453 and earlieraffected
A.K.I Softwarepmum.exe (Pro + IMAP4 edition / Enterprise edition)2.5.1.25454 and earlieraffected

Weaknesses

  • Cross-site scripting (XSS)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References