How to Buy
This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.
The remote mail server is prone to a script injection attack.
The remote host is running Alt-N MDaemon, a mail server for Windows.
According to its banner, a version of MDaemon mail server older than
10.0.2 is installed on the remote host. Such versions ship with a
version of WorldClient (a webmail client) that is affected by a script
injection vulnerability. By tricking a user into opening a specially
crafted email, an attacker can exploit this issue to execute script code
in the user's browser in the security context of the affected
application and thereby steal cookie-based credentials or launch other
See also :
Upgrade to MDaemon 10.0.2 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 34849 ()
Bugtraq ID: 32355
CVE ID: CVE-2008-6967
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.