Filtered by vendor Kiteworks Subscriptions
Filtered by product Totemomail Subscriptions

Search

Switch to Advanced Search (Beta)
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-28064 1 Kiteworks 1 Totemomail 2025-02-13 9.8 Critical
Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with storeLoginChunkedImages).
CVE-2024-28063 1 Kiteworks 1 Totemomail 2025-02-13 6.1 Medium
Kiteworks Totemomail through 7.0.0 allows /responsiveUI/EnvelopeOpenServlet envelopeRecipient reflected XSS.