Vulnerabilities > Securenvoy > Securmail > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-03-15 CVE-2018-7707 Cross-site Scripting vulnerability in Securenvoy Securmail
Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via an HTML-formatted e-mail message.
network
low complexity
securenvoy CWE-79
6.1
2018-03-15 CVE-2018-7706 Path Traversal vulnerability in Securenvoy Securmail
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a ..
network
low complexity
securenvoy CWE-22
6.5
2018-03-15 CVE-2018-7704 Information Exposure vulnerability in Securenvoy Securmail
SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe.
network
low complexity
securenvoy CWE-200
6.5
2018-03-15 CVE-2018-7703 Cross-site Scripting vulnerability in Securenvoy Securmail
Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe.
network
low complexity
securenvoy CWE-79
6.1
2018-03-15 CVE-2018-7701 Cross-Site Request Forgery (CSRF) vulnerability in Securenvoy Securmail
Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe.
network
low complexity
securenvoy CWE-352
6.5