Description
Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message.
Exploits (4)
exploitdb
WORKING POC
VERIFIED
by Criolabs · textwebappsphp
https://www.exploit-db.com/exploits/24380
References (12)
Core 12
Core References
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10966
Patch, Vendor Advisory vdb-entry
x_refsource_osvdb
http://www.osvdb.org/9040
Patch, Vendor Advisory vdb-entry
x_refsource_osvdb
http://www.osvdb.org/9041
Patch, Vendor Advisory vdb-entry
x_refsource_osvdb
http://www.osvdb.org/9037
Patch, Vendor Advisory vdb-entry
x_refsource_osvdb
http://www.osvdb.org/9042
Patch, Vendor Advisory vdb-entry
x_refsource_osvdb
http://www.osvdb.org/9038
Patch, Vendor Advisory vdb-entry
x_refsource_osvdb
http://www.osvdb.org/9039
Exploit, Patch, Vendor Advisory x_refsource_misc
http://packetstormsecurity.nl/0408-exploits/merak527.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1010969
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109279057326044&w=2
Exploit, Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/12269
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17024
Scores
EPSS
0.0081
EPSS Percentile
74.4%
Details
Status
published
Products (1)
merak/mail_server
7.4.5
Published
Aug 17, 2004
Tracked Since
Feb 18, 2026