Icewarp » Merak Mail Server : Security Vulnerabilities, CVEs, Published In 2007 (XSS)
Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrated by the onload attribute in a BODY element.
Max CVSS
4.3
EPSS Score
0.31%
Published
2007-09-24
Updated
2011-03-08
1 vulnerabilities found