This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
The remote webmail server is affected by a cross-site scripting
According to its banner, the remote host is running a version of
Kerio MailServer prior to 6.6.2 Patch 3 or 6.7.0 Patch 1. The webmail
component of such versions is reportedly affected by a cross-site
scripting vulnerability on the Integration page.
Successful exploitation of this issue could lead to execution of
arbitrary HTML and script code in a user's browser within the security
context of the affected site.
See also :
Upgrade to Kerio MailServer 6.6.2 Patch 3 / 6.7.0 Patch 1 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 39354 (kerio_kms_670p1_xss.nasl)
Bugtraq ID: 35264
CVE ID: CVE-2009-2636
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.