This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.
The remote webmail server is affected by a cross-site scripting
The remote host is running IceWarp Merak Mail Server - a webmail
server for Windows and Linux.
According to its banner, the version of IceWarp installed on the
remote host fails to properly sanitize email messages before
displaying them. If a user reads a specially crafted message, a
remote attacker could leverage this issue to inject arbitrary HTML
and script code into a user's browser to be executed within the
security context of the affected application.
Upgrade to Icewarp Merak Mail Server version 9.0.0 or later as that
reportedly resolves the issue.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true