CVE-2024-41959
- Source
- https://cve.org/CVERecord?id=CVE-2024-41959
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41959.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-41959
- Aliases
-
- GHSA-v3r3-8f69-ph29
- Published
- 2024-08-05T19:59:46.318Z
- Modified
- 2026-04-10T05:15:58.952067Z
- Severity
-
- 7.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVSS Calculator
- Summary
- Cross-site Scripting (XSS) via API Logs in mailcow: dockerized
- Details
-
mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API logs page is viewed, potentially allowing an attacker to run malicious scripts in the context of the user's browser. This could lead to unauthorized actions, data theft, or further exploitation of the affected system. This issue has been addressed in the
2024-07release. All users are advised to upgrade. There are no known workarounds for this vulnerability. - Database specific
{ "cwe_ids": [ "CWE-79" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41959.json", "cna_assigner": "GitHub_M" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/41xxx/CVE-2024-41959.json
- https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-v3r3-8f69-ph29
- https://nvd.nist.gov/vuln/detail/CVE-2024-41959
- https://github.com/mailcow/mailcow-dockerized/commit/66aa28b5de282fc037e0d2f02fbdc84539b614a1
Affected packages
Git / github.com/mailcow/mailcow-dockerized
Affected ranges
- Type
- GIT
- Repo
- https://github.com/mailcow/mailcow-dockerized
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
2022-01
2022-01a
2022-03
2022-03a
2022-05
2022-05a
2022-05b
2022-05c
2022-05d
2022-06
2022-06a
2022-06b
2022-07
2022-07a
2022-08
2022-08a
2022-08b
2022-09
2022-09a
2022-10
2022-10a
2022-11
2022-11a
2022-11b
2022-12
2022-12a
2022-12b
2023-01
2023-01a
2023-02
2023-02a
2023-03
2023-04
2023-04a
2023-04b
2023-05
2023-05a
2023-07
2023-07a
2023-08
2023-09
2023-10
2023-10a
2023-11
2023-11a
2023-12
2023-12a
2024-01
2024-01a
2024-01b
2024-01c
2024-01d
2024-01e
2024-02
2024-04
2024-06
2024-06a
2024-06b
2024-06c