CVE-2007-5046

Icewarp Merak Mail Server - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrated by the onload attribute in a BODY element.

References (5)

[Third Party Advisory, VDB Entry] http://osvdb.org/37428

[Patch, Vendor Advisory] http://secunia.com/advisories/26877

[Vendor Advisory] http://www.mwrinfosecurity.com/publications/mwri_merak-webmail-xss-advisory_2008-09-17.pdf

[Vendor Advisory] http://www.securityfocus.com/bid/25708

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/3225

Scores

EPSS 0.0038

EPSS Percentile 59.2%

Classification

CWE

CWE-79

Status draft

Affected Products (2)

icewarp/merak_mail_server

icewarp/merak_mail_server

Timeline

Published Sep 24, 2007

Tracked Since Feb 18, 2026