Unrated severityNVD Advisory· Published Nov 30, 2023· Updated Aug 2, 2024

mailcow-dockerized XSS Vulnerability in Quarantine UI Allows Unauthorized Access and Data Manipulation

CVE-2023-49077

Description

Mailcow: dockerized is an open source groupware/email suite based on docker. A Cross-Site Scripting (XSS) vulnerability has been identified within the Quarantine UI of the system. This vulnerability poses a significant threat to administrators who utilize the Quarantine feature. An attacker can send a carefully crafted email containing malicious JavaScript code. This issue has been patched in version 2023-11.

Affected products

Mailcow/Mailcow Dockerizedv5
Range: < 2023-11

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/mailcow/mailcow-dockerized/releases/tag/2023-11mitrex_refsource_MISC
github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-46x4-w2fm-5x6gmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000