CVE-2008-5734

medium

Description

Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Software Merak Mail Server 9.3.2 allows remote attackers to inject arbitrary web script or HTML via an IMG element in an HTML e-mail message.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/47533

http://www.securityfocus.com/bid/32969

http://secunia.com/advisories/32770

http://osvdb.org/50885

http://blog.vijatov.com/index.php?itemid=11

Details

Source: Mitre, NVD

Published: 2008-12-26

Updated: 2017-08-08

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N