VYPR
Unrated severityNVD Advisory· Published May 20, 2015· Updated Jun 17, 2026

CVE-2015-3141

CVE-2015-3141

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that create an (1) SMTP domain or a (2) user via a request to /FrontController; or conduct cross-site scripting (XSS) attacks via the (3) domainname parameter to /FrontController, when creating a new SMTP domain configuration; the (4) txtRecipient parameter to /FrontController, when creating a new forwarder; the (5) popFetchServer, (6) popFetchUser, or (7) popFetchRecipient parameter to /FrontController, when creating a new POP3 Fetcher account; or the (8) Smtp HELO domain in the Advanced Server Configuration.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Synametrics/Xeams2 versions
    cpe:2.3:a:synametrics:xeams:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:synametrics:xeams:*:*:*:*:*:*:*:*range: <=4.5
    • (no CPE)range: <=4.5 Build 5755

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.