CVE-2003-0488
Published 2003-08-07
CVE-2003-0488: Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name…
Priority P421 · medium 5.1 (CVSS 2.0) · AV:N/AC:H/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 6.78% (93.2th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kerio | kerio_mailserver | — | — |
No detection rules found.
Exploit-DB
Kerio MailServer 5.6.3 - Web Mail DO_MAP Module Cross-Site Scripting
exploitdb·2003-06-18
---
source: https://www.securityfocus.com/bid/7968/info
Reportedly, Kerio MailServer is vulnerable to a cross-site scripting attack. The vulnerability is present in the do_map module of the Kerio MailServer web mail component.
An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link containing malicious HTML code.
It should be noted that although this vulnerability has been reported to affect Kerio MailServer version 5.6.3, previous versions might also be affected.
http://www.example.com/do_map?action=new&oldalias=eso&alias=alert(document.cookie);&folder=public&user=lucascavadora
Exploit-DB
Kerio MailServer 5.6.3 - Web Mail ADD_ACL Module Cross-Site Scripting
exploitdb·2003-06-18
---
source: https://www.securityfocus.com/bid/7966/info
Reportedly, Kerio MailServer is vulnerable to a cross-site scripting attack. The vulnerability is present in the add_acl module of the Kerio MailServer web mail component.
An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link.
It should be noted that although this vulnerability has been reported to affect Kerio MailServer version 5.6.3, previous versions might also be affected.
http://www.example.com/add_acl?folder=~conde0@localhost/INBOX&add_name=alert(document.cookie);
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=105596982503760&w=2
http://nautopia.org/vulnerabilidades/kerio_mailserver.htm
http://www.securityfocus.com/bid/7966
http://www.securityfocus.com/bid/7968
https://exchange.xforce.ibmcloud.com/vulnerabilities/12367