Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server prior to 9.0.0 allows remote malicious users to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrated by the onload attribute in a BODY element.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
icewarp merak mail server 8.9.1 |
||
icewarp merak mail server 8.9.2 |