GCVE - cpe:2.3:a:gfi:kerio_connect:10.0.6:-:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gfi:kerio_connect:10.0.6:-:*:*:*:*:*:*

part: a version: 10.0.6 update: -

Vendor	Gfi (`cd394833-109c-5606-a2f3-854a54717243`)
Product	Kerio Connect (`7dc1ffc3-4f32-5082-a2f6-f86df6b60e49`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-2977`	vulnerable	2026-06-03 15:00:26.953730	GFI KerioConnect PDF File cross site scripting LOW (3.5) A vulnerability was found in GFI KerioConnect 10.0.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-03-31T05:00:08.371Z Updated: 2025-03-31T12:56:33.980Z Open on db.gcve.eu Reference links https://vuldb.com/?id.302029 https://vuldb.com/?ctiid.302029 https://vuldb.com/?submit.523016 https://github.com/0xs1ash/poc/blob/main/portable_data_exfiltration.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-2976`	vulnerable	2026-06-03 15:00:26.953213	GFI KerioConnect File Upload cross site scripting LOW (3.5) A vulnerability was found in GFI KerioConnect 10.0.6. It has been classified as problematic. Affected is an unknown function of the component File Upload. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-03-31T04:31:04.158Z Updated: 2025-03-31T13:33:46.323Z Open on db.gcve.eu Reference links https://vuldb.com/?id.302028 https://vuldb.com/?ctiid.302028 https://github.com/0xs1ash/poc/blob/main/xss.md#2-when-a-file-with-a-malicious-javascript-code-in-its-name-is-uploaded-to-the-system-it-is-displayed-again-on-the-page-within-the-input-field-without-being-sanitized-this-creates-the-potential-for-an-xss-att	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-2975`	vulnerable	2026-06-03 15:00:26.952728	GFI KerioConnect Signature EditHtmlSource cross site scripting LOW (3.5) A vulnerability was found in GFI KerioConnect 10.0.6 and classified as problematic. This issue affects some unknown processing of the file Settings/Email/Signature/EditHtmlSource of the component Signature Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-03-31T04:00:10.553Z Updated: 2025-03-31T16:03:53.750Z Open on db.gcve.eu Reference links https://vuldb.com/?id.302027 https://vuldb.com/?ctiid.302027 https://vuldb.com/?submit.523009 https://github.com/0xs1ash/poc/blob/main/xss.md#1-stored-xss	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.