CVE-2010-3201
Description
Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Surgemail SurgeWeb 4.3e - Cross-Site Scripting
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| netwin | surgemail | up to and including 4.2d4-4 | |
| netwin | surgemail | 1.0c | |
| netwin | surgemail | 1.0d | |
| netwin | surgemail | 1.1a | |
| netwin | surgemail | 1.1b | |
| netwin | surgemail | 1.1c | |
| netwin | surgemail | 1.1d | |
| netwin | surgemail | 1.2a | |
| netwin | surgemail | 1.2b | |
| netwin | surgemail | 1.2c | |
| netwin | surgemail | 1.3a | |
| netwin | surgemail | 1.3a_rc1 | |
| netwin | surgemail | 1.3b | |
| netwin | surgemail | 1.3c | |
| netwin | surgemail | 1.3d | |
| netwin | surgemail | 1.3e | |
| netwin | surgemail | 1.3f | |
| netwin | surgemail | 1.3g | |
| netwin | surgemail | 1.3h | |
| netwin | surgemail | 1.3i | |
| netwin | surgemail | 1.3j | |
| netwin | surgemail | 1.3k | |
| netwin | surgemail | 1.3l | |
| netwin | surgemail | 1.4a | |
| netwin | surgemail | 1.4b | |
| netwin | surgemail | 1.4c | |
| netwin | surgemail | 1.5a | |
| netwin | surgemail | 1.5b | |
| netwin | surgemail | 1.5c | |
| netwin | surgemail | 1.5d | |
| netwin | surgemail | 1.5d2 | |
| netwin | surgemail | 1.5f | |
| netwin | surgemail | 1.6a | |
| netwin | surgemail | 1.6b | |
| netwin | surgemail | 1.6d | |
| netwin | surgemail | 1.6e | |
| netwin | surgemail | 1.6e2 | |
| netwin | surgemail | 1.7a | |
| netwin | surgemail | 1.7b3 | |
| netwin | surgemail | 1.8a | |
| netwin | surgemail | 1.8b3 | |
| netwin | surgemail | 1.8d | |
| netwin | surgemail | 1.8e | |
| netwin | surgemail | 1.8f | |
| netwin | surgemail | 1.8g3 | |
| netwin | surgemail | 1.9 | |
| netwin | surgemail | 1.9b2 | |
| netwin | surgemail | 2.0a2 | |
| netwin | surgemail | 2.0c | |
| netwin | surgemail | 2.0e | |
| netwin | surgemail | 2.0g2 | |
| netwin | surgemail | 2.1a | |
| netwin | surgemail | 2.1c7 | |
| netwin | surgemail | 2.2a6 | |
| netwin | surgemail | 2.2c9 | |
| netwin | surgemail | 2.2c10 | |
| netwin | surgemail | 2.2g2 | |
| netwin | surgemail | 2.2g3 | |
| netwin | surgemail | 3.0a | |
| netwin | surgemail | 3.0c2 | |
| netwin | surgemail | 3.1s | |
| netwin | surgemail | 3.2e | |
| netwin | surgemail | 3.5a | |
| netwin | surgemail | 3.5b3 | |
| netwin | surgemail | 3.6d | |
| netwin | surgemail | 3.6f3 | |
| netwin | surgemail | 3.6f5 | |
| netwin | surgemail | 3.6f7 | |
| netwin | surgemail | 3.7b | |
| netwin | surgemail | 3.7b3 | |
| netwin | surgemail | 3.7b5 | |
| netwin | surgemail | 3.7b6 | |
| netwin | surgemail | 3.7b7 | |
| netwin | surgemail | 3.7b8 | |
| netwin | surgemail | 3.8a | |
| netwin | surgemail | 3.8b | |
| netwin | surgemail | 3.8d | |
| netwin | surgemail | 3.8f | |
| netwin | surgemail | 3.8f2 | |
| netwin | surgemail | 3.8f3 | |
| netwin | surgemail | 3.8i | |
| netwin | surgemail | 3.8i2 | |
| netwin | surgemail | 3.8i3 | |
| netwin | surgemail | 3.8k | |
| netwin | surgemail | 3.8k2 | |
| netwin | surgemail | 3.8k3 | |
| netwin | surgemail | 3.8k4 | |
| netwin | surgemail | 3.8m | |
| netwin | surgemail | 3.8o | |
| netwin | surgemail | 3.8q | |
| netwin | surgemail | 3.8s | |
| netwin | surgemail | 3.8u | |
| netwin | surgemail | 3.9a | |
| netwin | surgemail | 3.9c | |
| netwin | surgemail | 3.9e | |
| netwin | surgemail | 3.9g | |
| netwin | surgemail | 3.9g2 | |
| netwin | surgemail | 4.0a | |
| netwin | surgemail | 4.0k | |
| netwin | surgemail | 4.0u3 | |
| netwin | surgemail | 4.0u4 | |
| netwin | surgemail | 4.0v-8 | |
| netwin | surgemail | 4.2a2-2 | |
| netwin | surgemail | 4.2a2-3 | |
| netwin | surgemail | 4.2a3-3 | |
| netwin | surgemail | 4.2d-1 | |
| netwin | surgemail | 4.2d2-2 | |
| netwin | surgemail | 4.2d3-3 | |
| netwin | surgemail | beta_3.9a | |
References
- http://ictsec.se/?p=108
- http://secunia.com/advisories/41685
- http://www.securityfocus.com/archive/1/514115/100/0/threaded
- http://www.securityfocus.com/bid/43679
- https://www.exploit-db.com/exploits/34797/
CWEs
CWE-79