Summary
The host is running Kerio MailServer and is prone to Cross-Site Scripting vulnerability
Impact
Successful exploitation could result in insertion of arbitrary HTML and script code in the user's browser session in the context of an affected site.
Impact Level: Application
Solution
Upgrade to Kerio MailServer 6.6.2 Patch 3 or 6.7.0 Patch 1 or later http://www.kerio.com/kms_download.html
Insight
Issue is due to certain unspecified input passed to the integration page of the WebMail component which is not properly sanitised before being returned to the user.
Affected
Kerio MailServer version 6.6.0 before 6.6.2 Patch 3 and 6.7.0 before 6.7.0 Patch 1
References
Severity
Classification
-
CVE CVE-2009-2636 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities