cpe:/a:socketmail:socketmail:2.2.9:-:professional CVE-2012-4059 2012-07-25T17:55:03.930-04:00 2017-08-28T21:32:08.947-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2012-07-26T15:40:00.000-04:00 OSVDB 81531 MISC http://packetstormsecurity.org/files/112090/SocketMail-Pro-2.2.9-Cross-Site-Request-Forgery-Cross-Site-Scripting.html XF socketmailpro-secretqtn-csrf(75114) Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php in SocketMail Pro 2.2.9 allows remote attackers to hijack the authentication of arbitrary users for requests that change user security questions and answers via an upd action.