Cross-Site Scripting Vulnerability in IceWarp Merak Mail Server
CVE-2007-5046

Currently unrated

Key Information:

Vendor

Icewarp

Status
Merak Mail Server
Vendor
CVE Published:
24 September 2007

What is CVE-2007-5046?

A cross-site scripting (XSS) vulnerability exists in the Webmail interface of IceWarp Merak Mail Server prior to version 9.0.0. This flaw allows remote attackers to inject malicious JavaScript into the email messages sent through the service. Specifically, this can occur when a javascript: URI is included in an attribute of an HTML element within an email body, such as the 'onload' attribute of a BODY element. This could potentially be exploited to execute arbitrary scripts in the context of the user’s browser, compromising sensitive information and overall email security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/25708
vdb-entryx_refsource_BID
http://secunia.com/advisories/26877
third-party-advisoryx_refsource_SECUNIA
http://www.mwrinfosecurity.com/publications/mwri_merak-we...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.