CVE-2012-2955

Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string.

Published: Jul 20, 2012
Updated: Apr 13, 2023
CVE: CVE-2012-2955
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
ibm / proventia_network_mail_security_system_firmware	2.5	2.5.x
ibm / proventia_network_mail_security_system_firmware	2.5.0.2	2.5.0.2.x
ibm / proventia_network_mail_security_system_firmware	2.5.1	2.5.1.x
ibm / proventia_network_mail_security_system_firmware	2.6	2.6.x
ibm / proventia_network_mail_security_system_firmware	2.8	2.8.x
ibm / proventia_network_mail_security_system	-	-
ibm / proventia_network_mail_security_system	ms3004	ms3004.x
ibm / lotus_protector_for_mail_security	2.8	2.8.x
ibm / lotus_protector_for_mail_security	2.1	2.1.x
ibm / lotus_protector_for_mail_security	2.5	2.5.x
ibm / lotus_protector_for_mail_security	2.5.1	2.5.1.x

Vulnerability Database

290,301

CVE-2012-2955