Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2636

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-2636
Last Modified 29 Jul 2009 12:00:00
Published 28 Jul 2009 03:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-2636

Summary

Cross-site scripting (XSS) vulnerability in the Integration page in the WebMail component in Kerio MailServer 6.6.0, 6.6.1, 6.6.2, and 6.7.0 allows remote attackers to inject arbitrary web script or HTML via an e-mail message.

Vulnerable Systems

Application

  • Kerio Mailserver 6.6.0

  • Kerio Mailserver 6.6.1

  • Kerio Mailserver 6.6.2

  • Kerio Mailserver 6.7.0


References

SECTRACK - 1022348

BID - 35264

CONFIRM - http://www.kerio.com/support/security-advisories#0906

SECUNIA - 35392

OSVDB - 54928


Last Updated: 27 May 2016 10:50:58