Summary
This host is running SmarterMail and is prone to multiple vulnerabilities.
Impact
Successful exploitation could allow attackers to conduct cross-site scripting, shell upload and directory traversal attacks.
Impact Level: Application
Solution
Upgrade to SmarterTools SmarterMail 8.0 or later.
For updates, refer to http://www.smartertools.com/smartermail/mail-server-software.aspx
Insight
Input passed in the following parameters is not properly sanitised before being returned to the user:
- the 'path' parameter to Main/frmStoredFiles.aspx
- the 'edit' parameter to UserControls/Popups/frmAddFileStorageFolder.aspx
- the 'SubjectBox_SettingText' parameter to Main/Calendar/frmEvent.aspx
- the 'url' parameter to UserControls/Popups/frmHelp.aspx
- the 'folder' parameter to UserControls/Popups/frmDeleteConfirm.aspx
- the 'editfolder' parameter to UserControls/Popups/frmEventGroup.aspx
- the 'deletefolder' parameter to UserControls/Popups/frmEventGroup.aspx
- the 'bygroup' parameter to Main/Alerts/frmAlerts.aspx
Affected
SmarterTools SmarterMail versions 7.4 and prior.
Severity
CVSS Base Score: 5.0
CVSS Base Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N