CVE-2025-2976

Medium CVSS: 5.1

A vulnerability was found in GFI KerioConnect 10.0.6. It has been classified as problematic. Affected is an unknown function of the component File Upload. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Gfi

Product

Kerio Connect

CWE

CWE-79

Yayın Tarihi

2025-03-31 05:15:16

Güncelleme

2025-11-04 19:36:59

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-79 Kerio Connect MEDIUM Gfi 2025

Referanslar

https://github.com/0xs1ash/poc/blob/main/xss.md#2-when-a-file-with-a-malicious-javascript-code-in-its-name-is-uploaded-to-the-system-it-is-displayed-again-on-the-page-within-the-input-field-without-being-sanitized-this-creates-the-potential-for-an-xss-att https://vuldb.com/?ctiid.302028 https://vuldb.com/?id.302028

Benzer Kayıtlar

High

CVE-2026-2036

GFI Archiver MArc.Store Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows…

High

CVE-2026-2037

GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows…

Critical

CVE-2026-2038

GFI Archiver MArc.Core Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote attac…

Critical

CVE-2026-2039

GFI Archiver MArc.Store Missing Authorization Authentication Bypass Vulnerability. This vulnerability allows remote atta…

Medium

CVE-2026-23621

GFI MailEssentials AI versions prior to 22.4 contain an arbitrary directory existence enumeration vulnerability in the L…

Medium

CVE-2026-23616

GFI MailEssentials AI versions prior to 22.4 contain a stored cross-site scripting vulnerability in the Anti-Spoofing co…