Archive for June 2014

Full Disclosure – IPSwitch IMail Server WEB client vulnerability

Vendor: IPSwitch Product: IMail Server WEB client. Tested on 12.3 and 12.4 before 12.4.1.15 Type of vulnerability: Persistent Cross Site Scripting CVSS: 3.4 – Vector CVE: 2014-3878 Exploit-DB 33633 OSVDB: 107700 107701 107702 Discovered by: GoSecure! Date of discovery: 30 march 2014 First contact with vendor: 31 march 2014 – Case Id: 2-199617 Patching date:… (read more)