Lucene search

[email protected]NVD:CVE-2009-1467

HistoryMay 05, 2009 - 8:30 p.m.

CVE-2009-1467

2009-05-0520:30:00

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the body of a message, related to the email view and incorrect HTML filtering in the cleanHTML function in server/inc/tools.php; or the (2) title, (3) link, or (4) description element in an RSS feed, related to the getHTML function in server/inc/rss/item.php.

Affected configurations

NVD

Node

icewarpemail_serverRange≤9.3.0

icewarpemail_serverMatch2.10.105

icewarpemail_serverMatch2.10.110

icewarpemail_serverMatch2.10.115

icewarpemail_serverMatch2.10.140

icewarpemail_serverMatch2.10.150

icewarpemail_serverMatch2.10.165

icewarpemail_serverMatch2.10.170

icewarpemail_serverMatch2.10.190

icewarpemail_serverMatch2.10.200

icewarpemail_serverMatch2.10.210

icewarpemail_serverMatch2.10.220

icewarpemail_serverMatch2.10.240

icewarpemail_serverMatch2.10.250

icewarpemail_serverMatch2.10.260

icewarpemail_serverMatch2.10.280

icewarpemail_serverMatch2.10.290

icewarpemail_serverMatch2.10.310

icewarpemail_serverMatch2.10.320

icewarpemail_serverMatch2.10.330

icewarpemail_serverMatch2.10.331

icewarpemail_serverMatch2.10.340

icewarpemail_serverMatch2.10.350

icewarpemail_serverMatch2.10.360

icewarpemail_serverMatch3.00.100

icewarpemail_serverMatch3.00.110

icewarpemail_serverMatch3.00.120

icewarpemail_serverMatch3.00.130

icewarpemail_serverMatch3.00.140

icewarpemail_serverMatch3.10.011

icewarpemail_serverMatch3.10.110

icewarpemail_serverMatch4.00.30

icewarpemail_serverMatch4.2.1

icewarpemail_serverMatch4.2.2

icewarpemail_serverMatch4.2.3

icewarpemail_serverMatch4.4.1

icewarpemail_serverMatch4.4.2

icewarpemail_serverMatch4.10.040

icewarpemail_serverMatch4.10.050

icewarpemail_serverMatch5.1.2

icewarpemail_serverMatch5.1.3

icewarpemail_serverMatch5.1.5

icewarpemail_serverMatch5.3.0

icewarpemail_serverMatch5.3.2

icewarpemail_serverMatch5.4.1

icewarpemail_serverMatch5.4.2

icewarpemail_serverMatch5.4.3

icewarpemail_serverMatch5.4.4

icewarpemail_serverMatch5.5.3

icewarpemail_serverMatch5.5.4

icewarpemail_serverMatch5.5.5

icewarpemail_serverMatch5.5.6

icewarpemail_serverMatch5.5.7

icewarpemail_serverMatch5.7.3

icewarpemail_serverMatch5.8.2

icewarpemail_serverMatch5.8.3

icewarpemail_serverMatch5.8.4

icewarpemail_serverMatch5.8.5

icewarpemail_serverMatch5.8.6

icewarpemail_serverMatch5.9.4

icewarpemail_serverMatch6.0.2

icewarpemail_serverMatch6.0.3

icewarpemail_serverMatch6.0.5

icewarpemail_serverMatch6.0.7

icewarpemail_serverMatch6.1.0

icewarpemail_serverMatch6.2.1

icewarpemail_serverMatch7.0.1

icewarpemail_serverMatch7.1.4

icewarpemail_serverMatch7.1.6

icewarpemail_serverMatch7.2.0

icewarpemail_serverMatch7.4.0

icewarpemail_serverMatch7.4.2

icewarpemail_serverMatch7.4.5

icewarpemail_serverMatch7.5.2

icewarpemail_serverMatch7.6.0

icewarpemail_serverMatch7.6.4

icewarpemail_serverMatch8.0.1

icewarpemail_serverMatch8.0.2

icewarpemail_serverMatch8.0.3

icewarpemail_serverMatch8.2.0

icewarpemail_serverMatch8.2.2

icewarpemail_serverMatch8.3.5

icewarpemail_serverMatch8.3.8

icewarpemail_serverMatch8.5.0

icewarpemail_serverMatch8.9.1

icewarpemail_serverMatch9.0.0

icewarpemail_serverMatch9.1.0

icewarpemail_serverMatch9.2.0

icewarpwebmail_serverRange≤9.3.0

icewarpwebmail_serverMatch2.10.105

icewarpwebmail_serverMatch2.10.110

icewarpwebmail_serverMatch2.10.115

icewarpwebmail_serverMatch2.10.140

icewarpwebmail_serverMatch2.10.150

icewarpwebmail_serverMatch2.10.165

icewarpwebmail_serverMatch2.10.170

icewarpwebmail_serverMatch2.10.190

icewarpwebmail_serverMatch2.10.200

icewarpwebmail_serverMatch2.10.210

icewarpwebmail_serverMatch2.10.220

icewarpwebmail_serverMatch2.10.240

icewarpwebmail_serverMatch2.10.250

icewarpwebmail_serverMatch2.10.260

icewarpwebmail_serverMatch2.10.280

icewarpwebmail_serverMatch2.10.290

icewarpwebmail_serverMatch2.10.310

icewarpwebmail_serverMatch2.10.320

icewarpwebmail_serverMatch2.10.330

icewarpwebmail_serverMatch2.10.331

icewarpwebmail_serverMatch2.10.340

icewarpwebmail_serverMatch2.10.350

icewarpwebmail_serverMatch2.10.360

icewarpwebmail_serverMatch3.00.100

icewarpwebmail_serverMatch3.00.110

icewarpwebmail_serverMatch3.00.120

icewarpwebmail_serverMatch3.00.130

icewarpwebmail_serverMatch3.00.140

icewarpwebmail_serverMatch3.10.011

icewarpwebmail_serverMatch3.10.110

icewarpwebmail_serverMatch4.00.30

icewarpwebmail_serverMatch4.2.1

icewarpwebmail_serverMatch4.2.2

icewarpwebmail_serverMatch4.2.3

icewarpwebmail_serverMatch4.4.1

icewarpwebmail_serverMatch4.4.2

icewarpwebmail_serverMatch4.10.040

icewarpwebmail_serverMatch4.10.050

icewarpwebmail_serverMatch5.1.2

icewarpwebmail_serverMatch5.1.3

icewarpwebmail_serverMatch5.1.5

icewarpwebmail_serverMatch5.3.0

icewarpwebmail_serverMatch5.3.2

icewarpwebmail_serverMatch5.4.1

icewarpwebmail_serverMatch5.4.2

icewarpwebmail_serverMatch5.4.3

icewarpwebmail_serverMatch5.4.4

icewarpwebmail_serverMatch5.5.3

icewarpwebmail_serverMatch5.5.4

icewarpwebmail_serverMatch5.5.5

icewarpwebmail_serverMatch5.5.6

icewarpwebmail_serverMatch5.5.7

icewarpwebmail_serverMatch5.7.3

icewarpwebmail_serverMatch5.8.2

icewarpwebmail_serverMatch5.8.3

icewarpwebmail_serverMatch5.8.4

icewarpwebmail_serverMatch5.8.5

icewarpwebmail_serverMatch5.8.6

icewarpwebmail_serverMatch5.9.4

icewarpwebmail_serverMatch6.0.2

icewarpwebmail_serverMatch6.0.3

icewarpwebmail_serverMatch6.0.5

icewarpwebmail_serverMatch6.0.7

icewarpwebmail_serverMatch6.1.0

icewarpwebmail_serverMatch6.2.1

icewarpwebmail_serverMatch7.0.1

icewarpwebmail_serverMatch7.1.4

icewarpwebmail_serverMatch7.1.6

icewarpwebmail_serverMatch7.2.0

icewarpwebmail_serverMatch7.4.0

icewarpwebmail_serverMatch7.4.2

icewarpwebmail_serverMatch7.4.5

icewarpwebmail_serverMatch7.5.2

icewarpwebmail_serverMatch7.6.0

icewarpwebmail_serverMatch7.6.4

icewarpwebmail_serverMatch8.0.1

icewarpwebmail_serverMatch8.0.2

icewarpwebmail_serverMatch8.0.3

icewarpwebmail_serverMatch8.2.0

icewarpwebmail_serverMatch8.2.2

icewarpwebmail_serverMatch8.3.5

icewarpwebmail_serverMatch8.3.8

icewarpwebmail_serverMatch8.5.0

icewarpwebmail_serverMatch8.9.1

icewarpwebmail_serverMatch9.0.0

icewarpwebmail_serverMatch9.1.0

icewarpwebmail_serverMatch9.2.0

References

osvdb.org/54226

osvdb.org/54227

www.redteam-pentesting.de/advisories/rt-sa-2009-001

www.redteam-pentesting.de/advisories/rt-sa-2009-002

www.securityfocus.com/archive/1/503225/100/0/threaded

www.securityfocus.com/archive/1/503229/100/0/threaded

www.securityfocus.com/bid/34825

www.securitytracker.com/id?1022167

www.securitytracker.com/id?1022168

www.vupen.com/english/advisories/2009/1253

exchange.xforce.ibmcloud.com/vulnerabilities/50331

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.2%

JSON

Related for NVD:CVE-2009-1467

cve1 packetstorm2 securityvulns3 cvelist1 seebug1 prion1 nessus2 openvas2