CVE-2025-2976

Description

A vulnerability was found in GFI KerioConnect 10.0.6 and has been classified as problematic. It affects an unknown function of the File Upload component. The manipulation leads to cross-site scripting, and the attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Risk Information

Base Score: 3.5 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS Score (Exploitation Probability): 0.066

Associated Vulnerability

| Vulnerability | OS Platform |
| --- | --- |
| Vulnerabilities CVE-2025-2975,CVE-2025-2976,CVE-2025-2977 are affected in GFI Kerio Connect 10.0.6 | Windows |
| Vulnerabilities CVE-2025-2975,CVE-2025-2976,CVE-2025-2977 are affected in KerioConnect 10.0.6 | Windows |
| vim Security Update (ALAS-2025-932) xxd-9.1.1202-1.amzn2023.0.1.x86_64.rpm | Linux |
| vim Security Update (ALAS-2025-932) vim-minimal-9.1.1202-1.amzn2023.0.1.x86_64.rpm | Linux |
| vim Security Update (ALAS-2025-932) vim-filesystem-9.1.1202-1.amzn2023.0.1.noarch.rpm | Linux |
| vim Security Update (ALAS-2025-932) vim-enhanced-9.1.1202-1.amzn2023.0.1.x86_64.rpm | Linux |
| vim Security Update (ALAS-2025-932) vim-default-editor-9.1.1202-1.amzn2023.0.1.noarch.rpm | Linux |
| vim Security Update (ALAS-2025-932) vim-data-9.1.1202-1.amzn2023.0.1.noarch.rpm | Linux |
| vim Security Update (ALAS-2025-932) vim-common-9.1.1202-1.amzn2023.0.1.x86_64.rpm | Linux |
| vim Security Update (ALAS-2025-2827) xxd-9.0.2153-1.amzn2.0.4.x86_64.rpm | Linux |
| vim Security Update (ALAS-2025-2827) vim-minimal-9.0.2153-1.amzn2.0.4.x86_64.rpm | Linux |
| vim Security Update (ALAS-2025-2827) vim-filesystem-9.0.2153-1.amzn2.0.4.noarch.rpm | Linux |
| vim Security Update (ALAS-2025-2827) vim-enhanced-9.0.2153-1.amzn2.0.4.x86_64.rpm | Linux |
| vim Security Update (ALAS-2025-2827) vim-data-9.0.2153-1.amzn2.0.4.noarch.rpm | Linux |
| vim Security Update (ALAS-2025-2827) vim-common-9.0.2153-1.amzn2.0.4.x86_64.rpm | Linux |
| vim Security Update (ALAS-2025-2827) vim-X11-9.0.2153-1.amzn2.0.4.x86_64.rpm | Linux |

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234