Description
Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to blank.html, or the createdataCX parameter to (2) calendar_d.html, (3) calendar_m.html, or (4) calendar_w.html.
Exploits (4)
exploitdb
WRITEUP
VERIFIED
by ss_contacts · textwebappsphp
https://www.exploit-db.com/exploits/26311
exploitdb
WRITEUP
VERIFIED
by ss_contacts · textwebappsphp
https://www.exploit-db.com/exploits/26310
exploitdb
WRITEUP
VERIFIED
by ss_contacts · textwebappsphp
https://www.exploit-db.com/exploits/26309
exploitdb
WRITEUP
VERIFIED
by ss_contacts · textwebappsphp
https://www.exploit-db.com/exploits/26308
References (4)
Core 4
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/14980
Exploit, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17046/
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112810385104168&w=2
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/1933
Scores
EPSS
0.0061
EPSS Percentile
69.9%
Details
Status
published
Products (2)
icewarp/web_mail
5.5.1
merak/mail_server
8.2.4r
Published
Oct 04, 2005
Tracked Since
Feb 18, 2026