CVE-2021-43574: XSS
First published: Mon Nov 15 2021(Updated: )
** UNSUPPORTED WHEN ASSIGNED ** WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Atmail Atmail | =6.5.0 | |
| =6.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-43574.
What is the severity of CVE-2021-43574?
The severity of CVE-2021-43574 is medium with a CVSS score of 6.1.
How does CVE-2021-43574 affect Atmail?
CVE-2021-43574 affects Atmail version 6.5.0, a version released in 2012.
What is the impact of CVE-2021-43574?
CVE-2021-43574 allows XSS (cross-site scripting) attacks via the format parameter in the WebAdmin Control Panel.
Are there any fixes or mitigation steps available for CVE-2021-43574?
As this vulnerability affects a version that is no longer supported by the maintainer, it is recommended to upgrade to a supported version or consider an alternative solution.
- collector/nvd-index
- agent/type
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- collector/nvd-api
- source/NVD
- vendor/atmail
- canonical/atmail atmail
- version/atmail atmail/6.5.0