Kerio MailServer 5.0/5.1 Web Mail Multiple Cross-Site Scripting Vulnerabilities

ID EDB-ID:21728
Type exploitdb
Reporter Abraham Lincoln
Modified 2002-08-19T00:00:00


Kerio MailServer 5.0/5.1 Web Mail Multiple Cross Site Scripting Vulnerabilities. CVE-2002-1434. Webapps exploit for cgi platform


Reportedly, Kerio Mailserver is vulnerable to cross site scripting attacks. The vulnerability is present in Kerio Mailserver's web mail component.

An attacker may exploit this vulnerability by causing a victim user to follow a malicious link. Exploitation may result in the compromise of authentication data, or in script code taking actions as the authenticated user.

*** The vendor has stated that this is not a vulnerability. 

*** Proof of concept has been provided.