GCVE - cpe:2.3:a:proxmox:proxmox_mail_gateway:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:proxmox:proxmox_mail_gateway:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Proxmox (`d3ea5405-be81-5453-b02d-0e12d2762911`)
Product	Proxmox Mail Gateway (`89c6f00e-8fd9-5cfa-9753-56adf4fb8a14`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-43320`	vulnerable	2026-06-08 06:11:11.128593	Details available An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component. Published: 2023-09-27T00:00:00.000Z Updated: 2024-11-26T20:22:30.047Z Open on db.gcve.eu Reference links https://bugzilla.proxmox.com/show_bug.cgi?id=4579 https://bugzilla.proxmox.com/show_bug.cgi?id=4584 https://github.com/proxmox/proxmox-rs/commit/50b793db8d3421bbfe2bce060a486263f18a90cb http://packetstormsecurity.com/files/176967/Proxmox-VE-7.4-1-TOTP-Brute-Force.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-9058`	vulnerable	2026-06-08 05:07:05.894446	Details available Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter. Published: 2017-05-03T10:00:00.000Z Updated: 2024-08-06T08:36:31.799Z Open on db.gcve.eu Reference links https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-024/?fid=7431	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-9057`	vulnerable	2026-06-08 05:07:05.894048	Details available Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, related to /users/index.htm, /quarantine/spam/manage.htm, /quarantine/spam/whitelist.htm, /queues/mail/index/, /system/ssh.htm, /queues/mail/?domain=, and /quarantine/virus/manage.htm. Published: 2017-05-03T10:00:00.000Z Updated: 2024-08-06T08:36:31.661Z Open on db.gcve.eu Reference links https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-024/?fid=7431	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.