
MailMarshal < 6.4 Spam Quarantine Management XSS

Medium

Synopsis

The remote host has an application that is affected by a cross-site scripting vulnerability.

Description

The remote host is running MailMarshal SMTP, a mail server for Windows. The Spam Quarantine Management web component included with the version of MailMarshal SMTP installed on the remote host is affected by a persistent cross-site scripting vulnerability in its 'delegated spam management' feature. By exploiting this issue, an internal user may be able to install a malicious program on another internal user's (the victim's) computer, steal session cookies, or launch similar attacks. Successful exploitation would require the victim to accept an email invitation for delegated spam management from the attacker.

Solution

Upgrade to version 6.4 or higher.