Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Totemomail
(Totemo)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 6 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-05-18 | CVE-2024-28063 | Kiteworks Totemomail through 7.0.0 allows /responsiveUI/EnvelopeOpenServlet envelopeRecipient reflected XSS. | Totemomail | N/A | ||
| 2020-03-27 | CVE-2020-7918 | An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated remote user to read and modify mail folder names of other users via enumeration. | Totemomail | 5.4 | ||
| 2019-08-30 | CVE-2018-15513 | Log viewer in totemomail 6.0.0 build 570 allows access to sessionIDs of high privileged users by leveraging access to a read-only auditor role. | Totemomail | 5.3 | ||
| 2019-08-30 | CVE-2018-15512 | Cross-site scripting (XSS) vulnerability in the 'Authorisation Service' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | Totemomail | 6.1 | ||
| 2019-08-30 | CVE-2018-15511 | Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | Totemomail | 6.1 | ||
| 2019-08-30 | CVE-2018-15510 | Cross-site scripting (XSS) vulnerability in the 'Certificate' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | Totemomail | 6.1 |