CVE-2003-0488

Kerio MailServer 5.6.3 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module.

Exploits (2)

exploitdb WRITEUP VERIFIED

by David F.Madrid · textwebappscgi

https://www.exploit-db.com/exploits/22804

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by David F.Madrid · textwebappscgi

https://www.exploit-db.com/exploits/22799

View Code ZIP pw:eip

References (5)

Core 5

Core References

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/7968

Exploit, Vendor Advisory x_refsource_misc

http://nautopia.org/vulnerabilidades/kerio_mailserver.htm

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/7966

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=105596982503760&w=2

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/12367

Scores

EPSS 0.0085

EPSS Percentile 74.9%

Details

Status published

Products (1)

kerio/kerio_mailserver 5.6.3

Published Aug 07, 2003

Tracked Since Feb 18, 2026