IceWarp Merak Mail Server Multiple Vulnerabilities

Information

Severity

Medium

Family

Web application abuses

CVSSv2 Base

6.5

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Solution Type

Vendor Patch

Created

14 years ago

Modified

5 years ago

Summary

The host is running Merak Mail Server and is prone to cross-site scripting vulnerabilities.

Insight

- An error in the cleanHTML function in server/inc/tools.php, related to the email view and incorrect processing of HTML filtering.
- An error in the getHTML function in server/inc/rss/item.php, related to the title, link, or description element in an RSS feed.
- An error in the search form in server/webmail.php in the Groupware component, via the 'sql' and 'order_by' elements in an XML search query.
- An error in the Forgot Password implementation in server/webmail.php, via CRLF sequences preceding a Reply-To header in the subject element of an XML document.

Affected Software

Merak Mail Server prior to 9.4.2.

Solution

Upgrade to Merak Mail Server 9.4.2.

Common Vulnerabilities and Exposures (CVE)