MailMarshal Spam Quarantine Management (SQM) Multiple Component XSS

This script is Copyright (C) 2008-2011 Tenable Network Security, Inc.

Synopsis :

The remote host has an application that is affected by a cross-site
scripting vulnerability.

Description :

The remote host is running MailMarshal SMTP, a mail server for

The Spam Quarantine Management web component included with the version
of MailMarshal SMTP installed on the remote host is affected by a
persistent cross-site scripting vulnerability in its 'delegated spam
management' feature. By exploiting this issue, it may be possible for
an internal user to install a malicious program on the computer of
another internal user (the victim), steal session cookies, or launch similar

Successful exploitation would require a victim to accept an email
invitation for delegated spam management from an attacker.

Solution :

Upgrade to MailMarshal SMTP 6.4 or later.

Risk factor :

Low / CVSS Base Score : 3.5
CVSS Temporal Score : 2.9
Public Exploit Available : true

Family: CGI abuses : XSS

Nessus Plugin ID: 34336 (mailmarshal_spam_quarantine_xss.nasl)

Bugtraq ID: 31483

CVE ID: CVE-2008-2831