Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5046

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2007-5046
Last Modified 07 Mar 2011 09:59:59
Published 23 Sep 2007 08:17:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5046

Summary

Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrated by the onload attribute in a BODY element.

Vulnerable Systems

Application

  • Icewarp Merak Mail Server 8.9.1

  • Icewarp Merak Mail Server 8.9.2


References

SECUNIA - 26877

VUPEN - ADV-2007-3225

BID - 25708

MISC - http://www.mwrinfosecurity.com/publications/mwri_merak-webmail-xss-advisory_2008-09-17.pdf

OSVDB - 37428


Last Updated: 27 May 2016 10:46:02