{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-17T12:14:30.776","vulnerabilities":[{"cve":{"id":"CVE-2012-2575","sourceIdentifier":"cret@cert.org","published":"2012-09-17T14:55:00.813","lastModified":"2026-04-29T01:13:23.040","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message."},{"lang":"es","value":"Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en NetWin SurgeMail v6.0a4, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del atributo SRC de un elemento IFRAME en el cuerpo de un mensaje de correo electrónico."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netwin:surgemail:6.0:a4:*:*:*:*:*:*","matchCriteriaId":"B9D9FC1C-B907-4FEC-8FC4-7CAFDAB072AF"}]}]}],"references":[{"url":"http://www.exploit-db.com/exploits/20363/","source":"cret@cert.org","tags":["Exploit"]},{"url":"http://www.exploit-db.com/exploits/20363/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]}]}}]}