Cgiemail
by CPanel
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5613 | Hig | 0.51 | 7.8 | 0.03 | Mar 3, 2017 | Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file. | ||
| CVE-2017-5616 | Med | 0.40 | 6.1 | 0.01 | Mar 3, 2017 | Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter. | ||
| CVE-2017-5615 | Med | 0.40 | 6.1 | 0.01 | Mar 3, 2017 | cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location. | ||
| CVE-2017-5614 | Med | 0.40 | 6.1 | 0.01 | Mar 3, 2017 | Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter. |
- risk 0.51cvss 7.8epss 0.03
Format string vulnerability in cgiemail and cgiecho allows remote attackers to execute arbitrary code via format string specifiers in a template file.
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter.
- risk 0.40cvss 6.1epss 0.01
cgiemail and cgiecho allow remote attackers to inject HTTP headers via a newline character in the redirect location.
- risk 0.40cvss 6.1epss 0.01
Open redirect vulnerability in cgiemail and cgiecho allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the (1) success or (2) failure parameter.