CVE-2002-1434

Kerio MailServer 5.0 - Cross-Site Scripting in Web Mail Module

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1434. PoCs published by Abraham Lincoln.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in Kerio Mailserver's web mail component. The PoC provides malicious URLs that, when accessed by a victim, execute arbitrary JavaScript code in the context of the user's session.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Abraham Lincoln · textwebappscgi
https://www.exploit-db.com/exploits/21728

This exploit demonstrates a cross-site scripting (XSS) vulnerability in Kerio Mailserver's web mail component. The PoC provides malicious URLs that, when accessed by a victim, execute arbitrary JavaScript code in the context of the user's session.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Kerio Mailserver (web mail component)
No auth needed
Prerequisites: Victim must follow a malicious link
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9905.php
Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-08/0183.html
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5507

Scores

EPSS 0.0431
EPSS Percentile 90.0%

Details

Status published
Products (3)
kerio/kerio_mailserver 5.0
kerio/kerio_mailserver 5.1
kerio/kerio_mailserver 5.1.1
Published Apr 11, 2003
Tracked Since Feb 18, 2026