CVE-2009-1467
Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the body of a message, related to the email view and incorrect HTML filtering in the cleanHTML function in server/inc/tools.php; or the (2) title, (3) link, or (4) description element in an RSS feed, related to the getHTML function in server/inc/rss/item.php.
Affected products
n/a · n/a
Public PoCs found — 2
exploitdb: www.exploit-db.com/exploits/32969 (unverified)
exploitdb: www.exploit-db.com/exploits/32985 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://osvdb.org/54226
http://osvdb.org/54227
https://exchange.xforce.ibmcloud.com/vulnerabilities/50331
http://www.redteam-pentesting.de/advisories/rt-sa-2009-001
http://www.redteam-pentesting.de/advisories/rt-sa-2009-002
http://www.securityfocus.com/archive/1/503225/100/0/threaded
http://www.securityfocus.com/archive/1/503229/100/0/threaded
http://www.securityfocus.com/bid/34825
http://www.securitytracker.com/id?1022167
http://www.securitytracker.com/id?1022168
http://www.vupen.com/english/advisories/2009/1253