Computer Security
[EN] securityvulns.ru



CVE: CVE-2009-1467
Status: Candidate
Description: Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the body of a message, related to the email view and incorrect HTML filtering in the cleanHTML function in server/inc/tools.php; or the (2) title, (3) link, or (4) description element in an RSS feed, related to the getHTML function in server/inc/rss/item.php.
Severity: Medium
CVSS score: 4.3
CVSS vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Phase: Assigned (16.05.2009)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1467
References:
 BUGTRAQ : 20090505 [RT-SA-2009-001] IceWarp WebMail Server: Cross Site Scripting in Email View
 BUGTRAQ : 20090505 [RT-SA-2009-002] IceWarp WebMail Server: User-assisted Cross Site Scripting in RSS Feed Reader
 MISC : http://www.redteam-pentesting.de/advisories/rt-sa-...
 MISC : http://www.redteam-pentesting.de/advisories/rt-sa-...
SecurityVulns: Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod