{
  "id": "CVE-2008-2831",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2008-10-02T18:18:05.680",
  "lastModified": "2017-08-08T01:31:21.793",
  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the delegated spam management feature in the Spam Quarantine Management (SQM) component in MailMarshal SMTP 6.0.3.8 through 6.3.0.0 allow user-assisted remote authenticated users to inject arbitrary web script or HTML via (1) the list of blocked senders or (2) the list of safe senders."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de commandos en sitios cruzados (XSS) en la delegaci\u00f3n de la gesti\u00f3n de spam en funci\u00f3n del componente Spam Quarantine Management (SQM) en MailMarshal SMTP v6.0.3.8 hasta v6.3.0.0 permite a usuarios remotos autenticados asistidos por el usuario inyectar web script o HTML de su elecci\u00f3n a trav\u00e9s de (1) la lista de remitentes bloqueados o (2) la lista de remitentes seguros.\r\n\r\n"
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "SINGLE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 3.5
        },
        "baseSeverity": "LOW",
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mailmarshal:e10000_appliance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A934236-5CB5-4813-BB82-993D6E33D8BC"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mailmarshal:smtp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40CE2241-6798-47E6-BF3C-D1147357C6B2"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mailmarshal:smtp:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "6.3.0.0",
              "matchCriteriaId": "3A0A5B39-59B3-4265-A2C3-22905FAD578E"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:mailmarshal:smtp:6.0.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "657E5DFF-67FF-492F-A5FA-E073E9E3F700"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://www.dcsl.ul.ie/marshal.htm",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://www.marshal.com/kb/article.aspx?id=12175",
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ]
    },
    {
      "url": "http://www.securityfocus.com/bid/31483",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45509",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45511",
      "source": "cve@mitre.org"
    }
  ]
}