6 matches found
IceWarp Merak Mail Server < 9.4.2 Multiple Vulnerabilities
IceWarp Merak Mail Server is prone to multiple vulnerabilities. Copyright C 2009 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free softwar...
CVE-2009-1467
CVE-2009-1467 affects IceWarp WebMail Server and IceWarp eMail Server prior to version 9.4.2. The vulnerability is an XSS flaw in RSS feed handling and email view: the RSS feed item’s title and href are inserted unmodified, while the description is sanitized via cleanHTML, per the getHTML and RSS...
[RT-SA-2009-001] IceWarp WebMail Server: Cross Site Scripting in Email View
Advisory: IceWarp WebMail Server: Cross Site Scripting in Email View During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to Cross Site Scripting attacks in its email view. This enables attackers to send emails with embedded JavaScript code, for exampl...
IceWarp WebMail RSS Feed XSS
Advisory: IceWarp WebMail Server: User-assisted Cross Site Scripting in RSS Feed Reader During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to user-assisted Cross Site Scripting attacks in its RSS feed reader. If attackers control or compromise an RSS...
IceWarp WebMail Email View XSS
Advisory: IceWarp WebMail Server: Cross Site Scripting in Email View During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to Cross Site Scripting attacks in its email view. This enables attackers to send emails with embedded JavaScript code, for exampl...
[RT-SA-2009-002] IceWarp WebMail Server: User-assisted Cross Site Scripting in RSS Feed Reader
Advisory: IceWarp WebMail Server: User-assisted Cross Site Scripting in RSS Feed Reader During a penetration test, RedTeam Pentesting discovered that the IceWarp WebMail Server is prone to user-assisted Cross Site Scripting attacks in its RSS feed reader. If attackers control or compromise an RSS...