Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
IceWarp Merak Mail Server Multiple Vulnerabilities
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The host is running Merak Mail Server and is prone to Cross-Site Script vulnerabilities.
Insight
Insight
- Error in cleanHTML function in server/inc/tools.php is related to the email view and incorrect processing of HTML filtering. - Error in getHTML function in server/inc/rss/item.php is related to title, link, or description element in an RSS feed. - Error exists in search form in server/webmail.php in the Groupware component via 'sql' and 'order_by' elements in an XML search query. - Error occur in Forgot Password implementation in server/webmail.php via CRLF sequences preceding a Reply-To header in the subject element of an XML document.
Affected Software
Affected Software
Merak Mail Server prior to 9.4.2.
Solution
Solution
Upgrade to Merak Mail Server 9.4.2.