216.73.216.67

CVE-2024-41960

· Published 05/08/2024 20:15 · Modified 05/08/2024 20:15

Labels: CVE-2024-41960 2024-08-05CVE-2024-41960CWE-79[email protected]

Essential information

Published
05/08/2024 20:15
Modified
05/08/2024 20:15
Author
Creator
CVSS
3.8 LOW (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CVSS metrics

Description

mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scripts in the context of the user's browser. This could lead to data theft, or further exploitation. This issue has been addressed in the `2024-07` release. All users are advised to upgrade. There are no known workarounds for this vulnerability.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References