MDaemon Server WordClient Script Insertion Vulnerability Network Vulnerability

Summary

This host is installed with MDaemon and is prone to script insertion vulnerability.

Impact

Attacker can execute malicious arbitrary codes in the email body. Impact Level: Application.

Solution

Upgrade to the latest version 10.0.2. http://www.altn.com/Downloads/FreeEvaluation

Insight

This vulnerability is due to input validation error in 'HTML tags' in emails are not properly filtered before displaying. This can be exploited when the malicious email is viewed.

Affected

MDaemon Server version prior to 10.0.2.

References

http://files.altn.com/MDaemon/Release/RelNotes_en.txt
http://secunia.com/advisories/32142

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-6967

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
/cgi-bin directory browsable ?
Apache Struts Cross Site Scripting Vulnerability
Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability
Apache Web Server ETag Header Information Disclosure Weakness

Take action and discover your vulnerabilities