Kerio Mail Server Multiple Cross Site Scripting vulnerabilities

Summary
The host is running Kerio Mail Server and is prone to multiple cross site scripting vulnerabilities.
Impact
Successful exploitation could result in the insertion of arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to Kerio MailServer 6.6.2: http://www.kerio.com/kms_download.html
Insight
The issues are due to:
- the folder and daytime parameters in the mailCompose.php and calendarEdit.php files not being properly sanitised before being returned to the user.
- input passed to the sent parameter in error413.php not being properly sanitised before being returned to the user.
Affected
Kerio MailServer before 6.6.2 on all platforms.