MailMarshal < 6.4 Spam Quarantine Management XSS
Medium Nessus Network Monitor Plugin ID 4697
Synopsis
The remote host has an application that is affected by a cross-site scripting vulnerability.

Description
The remote host is running MailMarshal SMTP, a mail server for Windows. The Spam Quarantine Management web component included with the version of MailMarshal SMTP installed on the remote host is affected by a persistent cross-site scripting vulnerability in its 'delegated spam management' feature. By exploiting this issue, it may be possible for an internal user to install a malicious program on the computer of another internal user (the victim), steal session cookies or launch similar attacks. Successful exploitation would require a victim to accept an email invitation for delegated spam management from an attacker.

Solution
Upgrade to version 6.4 or higher.