CVE-2020-29133 · Vexday

CVE-2020-29133

EPSS 1.1%

jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter.

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/fa1c0n1/fa1c0n-vim/blob/master/temp/core_tmp.md