Cross-Site Scripting Vulnerability in IceWarp Merak Mail Server
CVE-2007-5046

Currently unrated

Key Information:

Vendor: Icewarp
Status: Merak Mail Server
Vendor: CVE Published:; 24 September 2007

What is CVE-2007-5046?

A cross-site scripting (XSS) vulnerability exists in the Webmail interface of IceWarp Merak Mail Server prior to version 9.0.0. This flaw allows remote attackers to inject malicious JavaScript into the email messages sent through the service. Specifically, this can occur when a javascript: URI is included in an attribute of an HTML element within an email body, such as the 'onload' attribute of a BODY element. This could potentially be exploited to execute arbitrary scripts in the context of the user’s browser, compromising sensitive information and overall email security.

References

http://www.securityfocus.com/bid/25708

vdb-entryx_refsource_BID

http://secunia.com/advisories/26877

third-party-advisoryx_refsource_SECUNIA

http://www.mwrinfosecurity.com/publications/mwri_merak-we...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 24, 2007
Vulnerability Reserved
Sep 23, 2007

JSON

Icewarp

What is CVE-2007-5046?

References

Timeline