Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5046


Vulnerability Score 4.3 4.3
CVE Id CVE-2007-5046
Last Modified 07 Mar 2011 09:59:59
Published 23 Sep 2007 08:17:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrated by the onload attribute in a BODY element.

Vulnerable Systems


  • Icewarp Merak Mail Server 8.9.1

  • Icewarp Merak Mail Server 8.9.2


SECUNIA - 26877

VUPEN - ADV-2007-3225

BID - 25708


OSVDB - 37428

Last Updated: 27 May 2016 10:46:02