Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via the sent parameter. NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Kerio MailServer WebMail多个跨站脚本漏洞
Vulnerability Description
Kerio MailServer服务程序支持IMAP、POP3、Smtp和SSL协议,并且包括基于WEB的MAIL。 Kerio MailServer的WebMail组件中,mailCompose.php没有正确地过滤folder参数输入,calendarEdit.php中没有正确过滤daytime参数输入,error413.php没有正确过滤sent参数输入。如果用户受骗点击了邮件消息中的恶意链接的话,就会导致在用户浏览器会话中执行任意HTML和脚本代码。
CVSS Information
N/A
Vulnerability Type
N/A