Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2002-1434

Publish Date: 19 Aug 2002

                							

                source: http://www.securityfocus.com/bid/5507/info

Reportedly, Kerio Mailserver is vulnerable to cross site scripting attacks. The vulnerability is present in Kerio Mailserver's web mail component.

An attacker may exploit this vulnerability by causing a victim user to follow a malicious link. Exploitation may result in the compromise of authentication data, or in script code taking actions as the authenticated user.

*** The vendor has stated that this is not a vulnerability. 

*** Proof of concept has been provided.

http://keriowebmail/&lt;script&gt;alert('THisIsREAL0wned')&lt;/script&gt;
http://keriowebmail/passwd&lt;script&gt;alert('VERYVULNERABLE')&lt;/script&gt;

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Kerio MailServer 5.0/5.1 Web Mail - Multiple Cross-Site Scripting Vulnerabilities

Vulmon Search

About

Products

Connect