CVE-2009-1467
published 2009-05-05

Priority: P4 · 20 · medium
CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
EXPLOIT
EPSS: 2.39% (81.9th percentile)

Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the body of a message, related to the email view and incorrect HTML filtering in the cleanHTML function in server/inc/tools.php; or the (2) title, (3) link, or (4) description element in an RSS feed, related to the getHTML function in server/inc/rss/item.php.

Affected

176 ranges · showing 25

Vendor | Product | Version range | Fixed in
icewarp | email_server | <= 9.3.0 |