IceWarp WebMail calendar_addevent.html Multiple Variable XSS

2005-01-28T09:12:53
ID OSVDB:13372
Type osvdb
Reporter OSVDB
Modified 2005-01-28T09:12:53

Description

Vulnerability Description

IceWarp Web Mail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple variables (the Title, Location and Note event fields) upon submission to the calendar_addevent.html script. This could allow a user to create a specially crafted URL or calendar event that would execute arbitrary script code in another user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to Merak Mail Server 7.6.4r, IceWarp Web Mail 5.3.2, or higher, as these versions have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[victim]:32000/mail/calendar.html -> AddEvent -> [Note]=[xss_here]
http://[victim]:32000/mail/calendar.html -> AddEvent -> [Title]=[xss_here]
http://[victim]:32000/mail/calendar.html -> AddEvent -> [Location]=[xss_here]
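The manual test above submits a marker into the Title, Location and Note fields of a new event and looks for it in the rendered calendar. As an added example (not IceWarp code and not part of the OSVDB record), the following Python models that check offline: a canary containing the characters that must be HTML-encoded is injected into one field at a time, and a classifier reports whether each field comes back raw (the unvalidated behaviour the advisory describes) or encoded. The two renderers, the field names and the canary string are assumptions for illustration; the vulnerable renderer concatenates values into HTML, the hardened one encodes them.

```python
"""Added example: does a calendar view render event fields unescaped
(cross site scripting) or HTML-encoded?

The renderers below are constructed stand-ins for the webmail's
calendar output; nothing here is IceWarp code and no network access
is needed."""
import html

# A harmless, unique canary: it carries the characters that must be
# encoded for safe HTML output (", >, <, &, ') but executes nothing.
CANARY = '"><u id=xsschk>&\'</u>'

# The three event fields named in the OSVDB manual testing notes.
FIELDS = ("Title", "Location", "Note")


def classify_reflection(body: str, canary: str = CANARY) -> str:
    """Return 'unescaped' if the raw canary appears in the response,
    'escaped' if only an HTML-encoded form of it does, else 'absent'."""
    if canary in body:
        return "unescaped"
    # Decode entities first so &lt;, &#60; and &#x3c; forms all match.
    if canary in html.unescape(body):
        return "escaped"
    return "absent"


def render_event_unsafe(event: dict) -> str:
    """Vulnerable rendering (assumed): field values are concatenated
    straight into HTML, so markup in any field becomes live markup."""
    return ("<div class=event><b>" + event["Title"] + "</b> @ "
            + event["Location"] + "<p>" + event["Note"] + "</p></div>")


def render_event_safe(event: dict) -> str:
    """Hardened rendering: every untrusted value is HTML-encoded for the
    text context it lands in (quote=True also covers attribute values)."""
    def esc(value: str) -> str:
        return html.escape(value, quote=True)
    return ("<div class=event><b>" + esc(event["Title"]) + "</b> @ "
            + esc(event["Location"]) + "<p>" + esc(event["Note"]) + "</p></div>")


def audit_fields(render, fields=FIELDS, canary=CANARY) -> dict:
    """Inject the canary into one field at a time, as the manual test
    does, and record how each field's value is rendered."""
    results = {}
    for target in fields:
        event = {name: f"benign {name}" for name in fields}
        event[target] = canary
        results[target] = classify_reflection(render(event), canary)
    return results


if __name__ == "__main__":
    print("unsafe renderer:", audit_fields(render_event_unsafe))
    print("safe renderer:  ", audit_fields(render_event_safe))
```

Against a live target the same classifier would be run over the HTTP response of the calendar page after submitting the event; a result of 'unescaped' for any field is the condition the advisory describes, while 'escaped' shows the fixed behaviour of encoding on output.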

References:

Vendor URL: http://www.MerakMailServer.com
Secunia Advisory ID: 14078
Related OSVDB ID: 13373
Related OSVDB ID: 13369
Related OSVDB ID: 13375
Related OSVDB ID: 13370
Related OSVDB ID: 13376
Related OSVDB ID: 13377
Related OSVDB ID: 13368
Related OSVDB ID: 13371
Related OSVDB ID: 13374
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-01/0318.html
ISS X-Force ID: 19147
CVE ID: CVE-2005-0320
Bugtraq ID: 12396