CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-27105

InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX Connection names are not sanitzed in the Outlook tab, which allows a local user or network administrator to execute HTML / Javascript in the Outlook of users.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.5%

CVSS Severity

CVSS v3 Score 5.4

References

http://www.inmailx.com/products/inmailx
https://gist.github.com/0xVavaldi/9b7afbfe56938294480f7613805d3b7f
http://www.inmailx.com/products/inmailx
https://gist.github.com/TheWorkingDeveloper/9b7afbfe56938294480f7613805d3b7f

Products affected by CVE-2022-27105

Digitus » Inmailx » Version: 3.21.0801

cpe:2.3:a:digitus:inmailx:3.21.0801
Digitus » Inmailx » Version: 3.21.0901

cpe:2.3:a:digitus:inmailx:3.21.0901
Digitus » Inmailx » Version: 3.21.1001

cpe:2.3:a:digitus:inmailx:3.21.1001
Digitus » Inmailx » Version: 3.21.1101

cpe:2.3:a:digitus:inmailx:3.21.1101
Digitus » Inmailx » Version: 3.21.1201

cpe:2.3:a:digitus:inmailx:3.21.1201

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-27105

Products

Pricing

Contact Us