CVE-2009-1467

Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the body of a message, related to the email view and incorrect HTML filtering in the cleanHTML function in server/inc/tools.php; or the (2) title, (3) link, or (4) description element in an RSS feed, related to the getHTML function in server/inc/rss/item.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
icewarpemail_server
𝑥
≤ 9.3.0
icewarpemail_server
2.10.105
icewarpemail_server
2.10.110
icewarpemail_server
2.10.115
icewarpemail_server
2.10.140
icewarpemail_server
2.10.150
icewarpemail_server
2.10.165
icewarpemail_server
2.10.170
icewarpemail_server
2.10.190
icewarpemail_server
2.10.200
icewarpemail_server
2.10.210
icewarpemail_server
2.10.220
icewarpemail_server
2.10.240
icewarpemail_server
2.10.250
icewarpemail_server
2.10.260
icewarpemail_server
2.10.280
icewarpemail_server
2.10.290
icewarpemail_server
2.10.310
icewarpemail_server
2.10.320
icewarpemail_server
2.10.330
icewarpemail_server
2.10.331
icewarpemail_server
2.10.340
icewarpemail_server
2.10.350
icewarpemail_server
2.10.360
icewarpemail_server
3.00.100
icewarpemail_server
3.00.110
icewarpemail_server
3.00.120
icewarpemail_server
3.00.130
icewarpemail_server
3.00.140
icewarpemail_server
3.10.011
icewarpemail_server
3.10.110
icewarpemail_server
4.00.30
icewarpemail_server
4.2.1
icewarpemail_server
4.2.2
icewarpemail_server
4.2.3
icewarpemail_server
4.4.1
icewarpemail_server
4.4.2
icewarpemail_server
4.10.040
icewarpemail_server
4.10.050
icewarpemail_server
5.1.2
icewarpemail_server
5.1.3
icewarpemail_server
5.1.5
icewarpemail_server
5.3.0
icewarpemail_server
5.3.2
icewarpemail_server
5.4.1
icewarpemail_server
5.4.2
icewarpemail_server
5.4.3
icewarpemail_server
5.4.4
icewarpemail_server
5.5.3
icewarpemail_server
5.5.4
icewarpemail_server
5.5.5
icewarpemail_server
5.5.6
icewarpemail_server
5.5.7
icewarpemail_server
5.7.3
icewarpemail_server
5.8.2
icewarpemail_server
5.8.3
icewarpemail_server
5.8.4
icewarpemail_server
5.8.5
icewarpemail_server
5.8.6
icewarpemail_server
5.9.4
icewarpemail_server
6.0.2
icewarpemail_server
6.0.3
icewarpemail_server
6.0.5
icewarpemail_server
6.0.7
icewarpemail_server
6.1.0
icewarpemail_server
6.2.1
icewarpemail_server
7.0.1
icewarpemail_server
7.1.4
icewarpemail_server
7.1.6
icewarpemail_server
7.2.0
icewarpemail_server
7.4.0
icewarpemail_server
7.4.2
icewarpemail_server
7.4.5
icewarpemail_server
7.5.2
icewarpemail_server
7.6.0
icewarpemail_server
7.6.4
icewarpemail_server
8.0.1
icewarpemail_server
8.0.2
icewarpemail_server
8.0.3
icewarpemail_server
8.2.0
icewarpemail_server
8.2.2
icewarpemail_server
8.3.5
icewarpemail_server
8.3.8
icewarpemail_server
8.5.0
icewarpemail_server
8.9.1
icewarpemail_server
9.0.0
icewarpemail_server
9.1.0
icewarpemail_server
9.2.0
icewarpwebmail_server
𝑥
≤ 9.3.0
icewarpwebmail_server
2.10.105
icewarpwebmail_server
2.10.110
icewarpwebmail_server
2.10.115
icewarpwebmail_server
2.10.140
icewarpwebmail_server
2.10.150
icewarpwebmail_server
2.10.165
icewarpwebmail_server
2.10.170
icewarpwebmail_server
2.10.190
icewarpwebmail_server
2.10.200
icewarpwebmail_server
2.10.210
icewarpwebmail_server
2.10.220
icewarpwebmail_server
2.10.240
icewarpwebmail_server
2.10.250
icewarpwebmail_server
2.10.260
icewarpwebmail_server
2.10.280
icewarpwebmail_server
2.10.290
icewarpwebmail_server
2.10.310
icewarpwebmail_server
2.10.320
icewarpwebmail_server
2.10.330
icewarpwebmail_server
2.10.331
icewarpwebmail_server
2.10.340
icewarpwebmail_server
2.10.350
icewarpwebmail_server
2.10.360
icewarpwebmail_server
3.00.100
icewarpwebmail_server
3.00.110
icewarpwebmail_server
3.00.120
icewarpwebmail_server
3.00.130
icewarpwebmail_server
3.00.140
icewarpwebmail_server
3.10.011
icewarpwebmail_server
3.10.110
icewarpwebmail_server
4.00.30
icewarpwebmail_server
4.2.1
icewarpwebmail_server
4.2.2
icewarpwebmail_server
4.2.3
icewarpwebmail_server
4.4.1
icewarpwebmail_server
4.4.2
icewarpwebmail_server
4.10.040
icewarpwebmail_server
4.10.050
icewarpwebmail_server
5.1.2
icewarpwebmail_server
5.1.3
icewarpwebmail_server
5.1.5
icewarpwebmail_server
5.3.0
icewarpwebmail_server
5.3.2
icewarpwebmail_server
5.4.1
icewarpwebmail_server
5.4.2
icewarpwebmail_server
5.4.3
icewarpwebmail_server
5.4.4
icewarpwebmail_server
5.5.3
icewarpwebmail_server
5.5.4
icewarpwebmail_server
5.5.5
icewarpwebmail_server
5.5.6
icewarpwebmail_server
5.5.7
icewarpwebmail_server
5.7.3
icewarpwebmail_server
5.8.2
icewarpwebmail_server
5.8.3
icewarpwebmail_server
5.8.4
icewarpwebmail_server
5.8.5
icewarpwebmail_server
5.8.6
icewarpwebmail_server
5.9.4
icewarpwebmail_server
6.0.2
icewarpwebmail_server
6.0.3
icewarpwebmail_server
6.0.5
icewarpwebmail_server
6.0.7
icewarpwebmail_server
6.1.0
icewarpwebmail_server
6.2.1
icewarpwebmail_server
7.0.1
icewarpwebmail_server
7.1.4
icewarpwebmail_server
7.1.6
icewarpwebmail_server
7.2.0
icewarpwebmail_server
7.4.0
icewarpwebmail_server
7.4.2
icewarpwebmail_server
7.4.5
icewarpwebmail_server
7.5.2
icewarpwebmail_server
7.6.0
icewarpwebmail_server
7.6.4
icewarpwebmail_server
8.0.1
icewarpwebmail_server
8.0.2
icewarpwebmail_server
8.0.3
icewarpwebmail_server
8.2.0
icewarpwebmail_server
8.2.2
icewarpwebmail_server
8.3.5
icewarpwebmail_server
8.3.8
icewarpwebmail_server
8.5.0
icewarpwebmail_server
8.9.1
icewarpwebmail_server
9.0.0
icewarpwebmail_server
9.1.0
icewarpwebmail_server
9.2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/54226
http://osvdb.org/54227
http://www.redteam-pentesting.de/advisories/rt-sa-2009-001
http://www.redteam-pentesting.de/advisories/rt-sa-2009-002
http://www.securityfocus.com/archive/1/503225/100/0/threaded
http://www.securityfocus.com/archive/1/503229/100/0/threaded
http://www.securityfocus.com/bid/34825
http://www.securitytracker.com/id?1022167
http://www.securitytracker.com/id?1022168
http://www.vupen.com/english/advisories/2009/1253
https://exchange.xforce.ibmcloud.com/vulnerabilities/50331
http://osvdb.org/54226
http://osvdb.org/54227
http://www.redteam-pentesting.de/advisories/rt-sa-2009-001
http://www.redteam-pentesting.de/advisories/rt-sa-2009-002
http://www.securityfocus.com/archive/1/503225/100/0/threaded
http://www.securityfocus.com/archive/1/503229/100/0/threaded
http://www.securityfocus.com/bid/34825
http://www.securitytracker.com/id?1022167
http://www.securitytracker.com/id?1022168
http://www.vupen.com/english/advisories/2009/1253
https://exchange.xforce.ibmcloud.com/vulnerabilities/50331