{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T19:54:34.950","vulnerabilities":[{"cve":{"id":"CVE-2024-41960","sourceIdentifier":"security-advisories@github.com","published":"2024-08-05T20:15:36.477","lastModified":"2024-09-19T20:01:58.633","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scripts in the context of the user's browser. This could lead to data theft, or further exploitation. This issue has been addressed in the `2024-07` release. All users are advised to upgrade. There are no known workarounds for this vulnerability."},{"lang":"es","value":"mailcow: dockerized es un software colaborativo/paquete de correo electrónico de código abierto basado en Docker. Un usuario administrador autenticado puede inyectar un payload de JavaScript en la configuración de los hosts de retransmisión. El payload inyectado se ejecuta cada vez que se ve la página de configuración, lo que permite al atacante ejecutar scripts arbitrarios en el contexto del navegador del usuario. Esto podría conducir al robo de datos o a una mayor explotación. Este problema se solucionó en la versión \"2024-07\". Se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N","baseScore":3.8,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mailcow:mailcow\\:_dockerized:*:*:*:*:*:*:*:*","versionEndExcluding":"2024-07","matchCriteriaId":"995C99DD-01FE-4772-808E-1A927518ED1D"}]}]}],"references":[{"url":"https://github.com/mailcow/mailcow-dockerized/commit/efb2572f0fa57628ad98a76a4ae884a10cac0a1a","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-jpp8-rhg6-4vvv","source":"security-advisories@github.com","tags":["Third Party Advisory"]}]}}]}