Cross-Site Scripting Vulnerabilities in IceWarp eMail and WebMail Server
CVE-2009-1467

Currently unrated

Key Information:

Vendor

Icewarp

Status
Email Server
Webmail Server
Vendor
CVE Published:
5 May 2009

What is CVE-2009-1467?

Multiple cross-site scripting (XSS) vulnerabilities were identified in IceWarp eMail Server and WebMail Server prior to version 9.4.2. These flaws allow remote attackers to execute arbitrary web scripts or inject HTML content through various vectors, including the body of messages and elements within an RSS feed such as the title, link, or description. This is facilitated by inadequate HTML filtering within the server's processing functions, which could lead to unauthorized actions or data exposure, posing a significant threat to the security of web applications that utilize these servers.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/50331
vdb-entryx_refsource_XF
http://www.securityfocus.com/bid/34825
vdb-entryx_refsource_BID
http://www.securitytracker.com/id?1022167
vdb-entryx_refsource_SECTRACK

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.