Description
Stored cross-site scripting vulnerability exists in CGIs included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, an arbitrary script may be executed on a logged-in user's web browser.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected products
- A.K.I Software / pmam.exe2.5.1.1411 and earlier – 2.5.1.1411 and earlier
- A.K.I Software / pmc.exe2.5.1.720 and earlier – 2.5.1.720 and earlier
- A.K.I Software / pmum.exe (Pro edition)2.5.1.25452 and earlier – 2.5.1.25452 and earlier
- A.K.I Software / pmum.exe (Pro + IMAP4 edition / Enterprise edition)2.5.1.25454 and earlier – 2.5.1.25454 and earlier
- A.K.I Software / pmum.exe (Standard edition)2.5.1.25451 and earlier – 2.5.1.25451 and earlier
- A.K.I Software / pmum.exe (Standard + IMAP4 edition)2.5.1.25453 and earlier – 2.5.1.25453 and earlier