VYPR
Vendor

Coremail

Products
2
CVEs
4
Across products
5
Status
Private

Products

2

Recent CVEs

4
  • CVE-2020-29133MedNov 27, 2020
    risk 0.40cvss 6.1epss 0.01

    jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter.

  • CVE-2018-14503MedAug 10, 2018
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Coremail XT 3.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.

  • CVE-2015-6942MedAug 29, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Coremail XT3.0 allows remote attackers to inject arbitrary web script or HTML via a hyperlink in a document attachment.

  • CVE-2018-9330MedApr 7, 2018
    risk 0.35cvss 5.4epss 0.01

    register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by the third form field to a URI under register/, a different vulnerability than CVE-2015-6942.