ID de Prueba:	1.3.6.1.4.1.25623.1.0.800099
Categoría:	Web application abuses
Título:	Kerio Mail Server Multiple Cross Site Scripting vulnerabilities
Resumen:	Kerio Mail Server is prone to multiple cross site scripting vulnerabilities.
Descripción:	Summary: Kerio Mail Server is prone to multiple cross site scripting vulnerabilities. Vulnerability Insight: Issues are due to: - a folder and daytime parameters in mailCompose.php and calendarEdit.php files is not properly sanitised before being returned to the user. - input passed to the sent parameter in error413.php is not properly sanitised before being returned to the user. Vulnerability Impact: Successful exploitation could result in insertion of arbitrary HTML and script code in a user's browser session in the context of an affected site. Affected Software/OS: Kerio MailServer before 6.6.2 on all running platform. Solution: Upgrade to Kerio MailServer 6.6.2 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5760 BugTraq ID: 32863 http://www.securityfocus.com/bid/32863 http://secunia.com/advisories/32955 http://www.vupen.com/english/advisories/2008/3442 XForce ISS Database: mailserver-error413-xss(47398) https://exchange.xforce.ibmcloud.com/vulnerabilities/47398 Common Vulnerability Exposure (CVE) ID: CVE-2008-5769 XForce ISS Database: mailerserver-mailcompose-calendaredit-xss(47397) https://exchange.xforce.ibmcloud.com/vulnerabilities/47397
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.