Is CVE-2014-3878 actively exploited?

CVE-2014-3878 has no public evidence of in-the-wild exploitation as of 2025-04-12.

What is the CVSS score for CVE-2014-3878?

CVE-2014-3878 has a CVSS score of 4.3 (UNKNOWN severity). Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N.

How do I patch CVE-2014-3878?

Patch guidance is available from ipswitch security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2014-3878.

CVE-2014-3878 - remediation guidance & executive summary

Q: Which products are affected by CVE-2014-3878?

2 products: ipswitch imail server, ipswitch imail server.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the web client interface in Ipswitch IMail Server 12.3 and 12.4, possibly before 12.4.1.15, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in an add new contact action in the Contacts section or unspecified vectors in (2) an Add Group task in the Contacts section, (3) an add new event action in the Calendar section, or (4) the Task section.

CVSS Metrics

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector: network
Access Cmplx: medium
Auth: none
Confidentiality: none
Integrity: partial
Availability: none
Weaknesses: CWE-79 · Cross-site Scripting (XSS)

Metadata

Primary Vendor: IPSWITCH
Published: 6/5/2014
Last Modified: 4/12/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2014-3878

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary