CVE-2024-41960
- Source
- https://cve.org/CVERecord?id=CVE-2024-41960
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-41960.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-41960
- Aliases
-
- GHSA-jpp8-rhg6-4vvv
- Published
- 2024-08-05T19:59:48.492Z
- Modified
- 2026-02-11T02:34:23.894637Z
- Severity
-
- 3.8 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- Cross-site Scripting (XSS) via Relay Hosts Configuration in mailcow: dockerized
- Details
-
mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scripts in the context of the user's browser. This could lead to data theft, or further exploitation. This issue has been addressed in the
2024-07release. All users are advised to upgrade. There are no known workarounds for this vulnerability. - Database specific
{ "cwe_ids": [ "CWE-79" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41960.json", "cna_assigner": "GitHub_M" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41960.json
- https://github.com/mailcow/mailcow-dockerized/commit/efb2572f0fa57628ad98a76a4ae884a10cac0a1a
- https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-jpp8-rhg6-4vvv
- https://nvd.nist.gov/vuln/detail/CVE-2024-41960
Affected packages
Git / github.com/mailcow/mailcow-dockerized
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mailcow/mailcow-dockerized
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
2022-01
2022-01a
2022-03
2022-03a
2022-04
2022-05
2022-05a
2022-05b
2022-05c
2022-05d
2022-06
2022-06a
2022-06b
2022-07
2022-07a
2022-08
2022-08a
2022-08b
2022-09
2022-09a
2022-10
2022-10a
2022-11
2022-11a
2022-11b
2022-12
2022-12a
2022-12b
2023-01
2023-01a
2023-02
2023-02a
2023-03
2023-04
2023-04a
2023-04b
2023-05
2023-05a
2023-07
2023-07a
2023-08
2023-09
2023-10
2023-10a
2023-11
2023-11a
2023-12
2023-12a
2024-01
2024-01a
2024-01b
2024-01c
2024-01d
2024-01e
2024-02
2024-04
2024-06
2024-06a
2024-06b
2024-06c