Alt-N WebAdmin < 3.0.3 Multiple Remote Vulnerabilities

Medium

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running Alt-N WebAdmin, a web interface to the MDaemon mail server. The remote version of this software is affected by a cross-site scripting vulnerability caused by a lack of filtering of user-supplied input in the files 'useredit_account.wdm' and 'modalframe.wdm'. An attacker may exploit this flaw to steal user credentials. The software is also affected by an access bypass vulnerability in the file 'useredit_account.wdm', which an attacker may exploit to modify user account information. An attacker needs a valid email account on the server to exploit both vulnerabilities.

Solution

Upgrade to WebAdmin 3.0.3 or higher.