Magicwinmail: >> Winmail Server >> 4.4 Security Vulnerabilities
Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scripting (XSS).
CVSS Score
6.1
EPSS Score
0.001
Published
2024-12-18
Winmail Server through 6.2 allows remote code execution by authenticated users who leverage directory traversal in a netdisk.php copy_folder_file call (in inc/class.ftpfolder.php) to move a .php file from the FTP folder into a web folder.
CVSS Score
8.8
EPSS Score
0.039
Published
2018-01-14