CVE-2009-1467: XSS
First published: Tue May 05 2009(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the body of a message, related to the email view and incorrect HTML filtering in the cleanHTML function in server/inc/tools.php; or the (2) title, (3) link, or (4) description element in an RSS feed, related to the getHTML function in server/inc/rss/item.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IceWarp eMail Server | =2.10.340 | |
| Icewarp Webmail Server | =4.2.1 | |
| IceWarp eMail Server | =5.9.4 | |
| Icewarp Webmail Server | =6.0.7 | |
| IceWarp eMail Server | =2.10.115 | |
| Icewarp Webmail Server | =7.6.4 | |
| Icewarp Webmail Server | =7.1.4 | |
| IceWarp eMail Server | =4.2.3 | |
| Icewarp Webmail Server | =3.00.140 | |
| IceWarp eMail Server | =7.0.1 | |
| Icewarp Webmail Server | =5.5.7 | |
| Icewarp Webmail Server | =2.10.320 | |
| Icewarp Webmail Server | =6.0.3 | |
| Icewarp Webmail Server | =5.8.6 | |
| Icewarp Webmail Server | =8.5.0 | |
| Icewarp Webmail Server | =5.9.4 | |
| Icewarp Webmail Server | =3.00.130 | |
| Icewarp Webmail Server | =5.8.2 | |
| Icewarp Webmail Server | =7.4.2 | |
| IceWarp eMail Server | =4.10.040 | |
| Icewarp Webmail Server | =4.10.040 | |
| Icewarp Webmail Server | =5.1.2 | |
| IceWarp eMail Server | =4.10.050 | |
| IceWarp eMail Server | =2.10.360 | |
| Icewarp Webmail Server | =5.5.4 | |
| Icewarp Webmail Server | =2.10.210 | |
| Icewarp Webmail Server | =5.7.3 | |
| IceWarp eMail Server | =5.8.2 | |
| IceWarp eMail Server | =3.00.140 | |
| Icewarp Webmail Server | =9.1.0 | |
| IceWarp eMail Server | =7.1.6 | |
| Icewarp Webmail Server | =5.5.3 | |
| IceWarp eMail Server | =2.10.310 | |
| IceWarp eMail Server | =5.8.6 | |
| Icewarp Webmail Server | =2.10.330 | |
| IceWarp eMail Server | =7.1.4 | |
| Icewarp Webmail Server | =8.0.2 | |
| IceWarp eMail Server | =8.9.1 | |
| IceWarp eMail Server | =5.7.3 | |
| IceWarp eMail Server | =8.2.0 | |
| IceWarp eMail Server | =6.2.1 | |
| IceWarp eMail Server | =2.10.320 | |
| Icewarp Webmail Server | =8.2.2 | |
| Icewarp Webmail Server | =2.10.280 | |
| Icewarp Webmail Server | =7.4.5 | |
| IceWarp eMail Server | =7.6.0 | |
| Icewarp Webmail Server | =2.10.250 | |
| IceWarp eMail Server | =2.10.140 | |
| IceWarp eMail Server | =5.1.2 | |
| Icewarp Webmail Server | =2.10.150 | |
| IceWarp eMail Server | =7.4.5 | |
| Icewarp Webmail Server | =5.4.1 | |
| IceWarp eMail Server | =5.8.5 | |
| Icewarp Webmail Server | =3.10.011 | |
| IceWarp eMail Server | =2.10.110 | |
| IceWarp eMail Server | =2.10.105 | |
| IceWarp eMail Server | =8.5.0 | |
| Icewarp Webmail Server | =7.0.1 | |
| Icewarp Webmail Server | =5.4.4 | |
| IceWarp eMail Server | =6.0.7 | |
| Icewarp Webmail Server | =2.10.165 | |
| IceWarp eMail Server | =3.00.130 | |
| IceWarp eMail Server | =5.4.3 | |
| IceWarp eMail Server | =4.2.2 | |
| IceWarp eMail Server | =5.5.5 | |
| Icewarp Webmail Server | =5.4.2 | |
| IceWarp eMail Server | =7.6.4 | |
| Icewarp Webmail Server | =2.10.360 | |
| Icewarp Webmail Server | =2.10.105 | |
| IceWarp eMail Server | =2.10.170 | |
| IceWarp eMail Server | =5.4.4 | |
| IceWarp eMail Server | =9.0.0 | |
| IceWarp eMail Server | =5.4.1 | |
| IceWarp eMail Server | =2.10.250 | |
| Icewarp Webmail Server | =2.10.200 | |
| IceWarp eMail Server | =8.3.8 | |
| Icewarp Webmail Server | <=9.3.0 | |
| Icewarp Webmail Server | =3.10.110 | |
| Icewarp Webmail Server | =5.3.2 | |
| Icewarp Webmail Server | =6.2.1 | |
| Icewarp Webmail Server | =2.10.170 | |
| Icewarp Webmail Server | =7.2.0 | |
| Icewarp Webmail Server | =3.00.120 | |
| Icewarp Webmail Server | =5.5.6 | |
| IceWarp eMail Server | =8.3.5 | |
| IceWarp eMail Server | =2.10.280 | |
| Icewarp Webmail Server | =4.2.3 | |
| Icewarp Webmail Server | =6.0.5 | |
| Icewarp Webmail Server | =2.10.240 | |
| IceWarp eMail Server | =8.2.2 | |
| IceWarp eMail Server | =2.10.210 | |
| IceWarp eMail Server | =6.0.2 | |
| IceWarp eMail Server | =2.10.290 | |
| IceWarp eMail Server | =6.0.3 | |
| IceWarp eMail Server | =5.1.5 | |
| Icewarp Webmail Server | =3.00.100 | |
| IceWarp eMail Server | =5.8.3 | |
| Icewarp Webmail Server | =4.00.30 | |
| IceWarp eMail Server | =5.5.7 | |
| Icewarp Webmail Server | =2.10.190 | |
| Icewarp Webmail Server | =7.6.0 | |
| Icewarp Webmail Server | =2.10.140 | |
| Icewarp Webmail Server | =2.10.290 | |
| IceWarp eMail Server | =3.00.120 | |
| IceWarp eMail Server | =2.10.200 | |
| Icewarp Webmail Server | =5.4.3 | |
| IceWarp eMail Server | =2.10.331 | |
| Icewarp Webmail Server | =6.1.0 | |
| IceWarp eMail Server | =7.4.0 | |
| IceWarp eMail Server | =4.4.2 | |
| Icewarp Webmail Server | =5.8.4 | |
| IceWarp eMail Server | =8.0.1 | |
| IceWarp eMail Server | =5.3.2 | |
| IceWarp eMail Server | =2.10.330 | |
| Icewarp Webmail Server | =2.10.331 | |
| Icewarp Webmail Server | =5.8.3 | |
| Icewarp Webmail Server | =4.4.1 | |
| IceWarp eMail Server | =9.1.0 | |
| Icewarp Webmail Server | =7.1.6 | |
| IceWarp eMail Server | =2.10.220 | |
| IceWarp eMail Server | =2.10.190 | |
| IceWarp eMail Server | =5.5.4 | |
| IceWarp eMail Server | =7.4.2 | |
| IceWarp eMail Server | =7.2.0 | |
| Icewarp Webmail Server | =2.10.310 | |
| Icewarp Webmail Server | =9.2.0 | |
| IceWarp eMail Server | =6.0.5 | |
| Icewarp Webmail Server | =8.0.1 | |
| IceWarp eMail Server | =5.3.0 | |
| Icewarp Webmail Server | =7.4.0 | |
| Icewarp Webmail Server | =2.10.110 | |
| Icewarp Webmail Server | =2.10.350 | |
| IceWarp eMail Server | =5.4.2 | |
| IceWarp eMail Server | =2.10.165 | |
| Icewarp Webmail Server | =7.5.2 | |
| IceWarp eMail Server | =2.10.260 | |
| Icewarp Webmail Server | =5.8.5 | |
| IceWarp eMail Server | =2.10.350 | |
| Icewarp Webmail Server | =5.5.5 | |
| IceWarp eMail Server | =4.4.1 | |
| Icewarp Webmail Server | =5.1.5 | |
| Icewarp Webmail Server | =4.10.050 | |
| IceWarp eMail Server | =5.5.3 | |
| IceWarp eMail Server | =3.00.110 | |
| IceWarp eMail Server | =4.2.1 | |
| IceWarp eMail Server | =5.5.6 | |
| Icewarp Webmail Server | =8.0.3 | |
| Icewarp Webmail Server | =8.2.0 | |
| IceWarp eMail Server | <=9.3.0 | |
| Icewarp Webmail Server | =2.10.220 | |
| Icewarp Webmail Server | =8.9.1 | |
| IceWarp eMail Server | =8.0.2 | |
| Icewarp Webmail Server | =8.3.8 | |
| Icewarp Webmail Server | =2.10.115 | |
| Icewarp Webmail Server | =6.0.2 | |
| IceWarp eMail Server | =2.10.240 | |
| Icewarp Webmail Server | =2.10.340 | |
| IceWarp eMail Server | =5.1.3 | |
| IceWarp eMail Server | =5.8.4 | |
| IceWarp eMail Server | =6.1.0 | |
| Icewarp Webmail Server | =2.10.260 | |
| Icewarp Webmail Server | =9.0.0 | |
| IceWarp eMail Server | =4.00.30 | |
| Icewarp Webmail Server | =8.3.5 | |
| Icewarp Webmail Server | =5.3.0 | |
| IceWarp eMail Server | =7.5.2 | |
| IceWarp eMail Server | =3.10.011 | |
| Icewarp Webmail Server | =3.00.110 | |
| IceWarp eMail Server | =3.10.110 | |
| Icewarp Webmail Server | =4.4.2 | |
| Icewarp Webmail Server | =4.2.2 | |
| IceWarp eMail Server | =8.0.3 | |
| IceWarp eMail Server | =9.2.0 | |
| IceWarp eMail Server | =2.10.150 | |
| IceWarp eMail Server | =3.00.100 | |
| Icewarp Webmail Server | =5.1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.redteam-pentesting.de/advisories/rt-sa-2009-001
- http://www.redteam-pentesting.de/advisories/rt-sa-2009-002
- http://osvdb.org/54226
- http://www.securityfocus.com/bid/34825
- http://www.securitytracker.com/id?1022167
- http://www.securitytracker.com/id?1022168
- http://osvdb.org/54227
- http://www.vupen.com/english/advisories/2009/1253
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50331
- http://www.securityfocus.com/archive/1/503229/100/0/threaded
- http://www.securityfocus.com/archive/1/503225/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/severity
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/icewarp
- canonical/icewarp email server
- version/icewarp email server/2.10.340
- canonical/icewarp webmail server
- version/icewarp webmail server/4.2.1
- version/icewarp email server/5.9.4
- version/icewarp webmail server/6.0.7
- version/icewarp email server/2.10.115
- version/icewarp webmail server/7.6.4
- version/icewarp webmail server/7.1.4
- version/icewarp email server/4.2.3
- version/icewarp webmail server/3.00.140
- version/icewarp email server/7.0.1
- version/icewarp webmail server/5.5.7
- version/icewarp webmail server/2.10.320
- version/icewarp webmail server/6.0.3
- version/icewarp webmail server/5.8.6
- version/icewarp webmail server/8.5.0
- version/icewarp webmail server/5.9.4
- version/icewarp webmail server/3.00.130
- version/icewarp webmail server/5.8.2
- version/icewarp webmail server/7.4.2
- version/icewarp email server/4.10.040
- version/icewarp webmail server/4.10.040
- version/icewarp webmail server/5.1.2
- version/icewarp email server/4.10.050
- version/icewarp email server/2.10.360
- version/icewarp webmail server/5.5.4
- version/icewarp webmail server/2.10.210
- version/icewarp webmail server/5.7.3
- version/icewarp email server/5.8.2
- version/icewarp email server/3.00.140
- version/icewarp webmail server/9.1.0
- version/icewarp email server/7.1.6
- version/icewarp webmail server/5.5.3
- version/icewarp email server/2.10.310
- version/icewarp email server/5.8.6
- version/icewarp webmail server/2.10.330
- version/icewarp email server/7.1.4
- version/icewarp webmail server/8.0.2
- version/icewarp email server/8.9.1
- version/icewarp email server/5.7.3
- version/icewarp email server/8.2.0
- version/icewarp email server/6.2.1
- version/icewarp email server/2.10.320
- version/icewarp webmail server/8.2.2
- version/icewarp webmail server/2.10.280
- version/icewarp webmail server/7.4.5
- version/icewarp email server/7.6.0
- version/icewarp webmail server/2.10.250
- version/icewarp email server/2.10.140
- version/icewarp email server/5.1.2
- version/icewarp webmail server/2.10.150
- version/icewarp email server/7.4.5
- version/icewarp webmail server/5.4.1
- version/icewarp email server/5.8.5
- version/icewarp webmail server/3.10.011
- version/icewarp email server/2.10.110
- version/icewarp email server/2.10.105
- version/icewarp email server/8.5.0
- version/icewarp webmail server/7.0.1
- version/icewarp webmail server/5.4.4
- version/icewarp email server/6.0.7
- version/icewarp webmail server/2.10.165
- version/icewarp email server/3.00.130
- version/icewarp email server/5.4.3
- version/icewarp email server/4.2.2
- version/icewarp email server/5.5.5
- version/icewarp webmail server/5.4.2
- version/icewarp email server/7.6.4
- version/icewarp webmail server/2.10.360
- version/icewarp webmail server/2.10.105
- version/icewarp email server/2.10.170
- version/icewarp email server/5.4.4
- version/icewarp email server/9.0.0
- version/icewarp email server/5.4.1
- version/icewarp email server/2.10.250
- version/icewarp webmail server/2.10.200
- version/icewarp email server/8.3.8
- version/icewarp webmail server/9.3.0
- version/icewarp webmail server/3.10.110
- version/icewarp webmail server/5.3.2
- version/icewarp webmail server/6.2.1
- version/icewarp webmail server/2.10.170
- version/icewarp webmail server/7.2.0
- version/icewarp webmail server/3.00.120
- version/icewarp webmail server/5.5.6
- version/icewarp email server/8.3.5
- version/icewarp email server/2.10.280
- version/icewarp webmail server/4.2.3
- version/icewarp webmail server/6.0.5
- version/icewarp webmail server/2.10.240
- version/icewarp email server/8.2.2
- version/icewarp email server/2.10.210
- version/icewarp email server/6.0.2
- version/icewarp email server/2.10.290
- version/icewarp email server/6.0.3
- version/icewarp email server/5.1.5
- version/icewarp webmail server/3.00.100
- version/icewarp email server/5.8.3
- version/icewarp webmail server/4.00.30
- version/icewarp email server/5.5.7
- version/icewarp webmail server/2.10.190
- version/icewarp webmail server/7.6.0
- version/icewarp webmail server/2.10.140
- version/icewarp webmail server/2.10.290
- version/icewarp email server/3.00.120
- version/icewarp email server/2.10.200
- version/icewarp webmail server/5.4.3
- version/icewarp email server/2.10.331
- version/icewarp webmail server/6.1.0
- version/icewarp email server/7.4.0
- version/icewarp email server/4.4.2
- version/icewarp webmail server/5.8.4
- version/icewarp email server/8.0.1
- version/icewarp email server/5.3.2
- version/icewarp email server/2.10.330
- version/icewarp webmail server/2.10.331
- version/icewarp webmail server/5.8.3
- version/icewarp webmail server/4.4.1
- version/icewarp email server/9.1.0
- version/icewarp webmail server/7.1.6
- version/icewarp email server/2.10.220
- version/icewarp email server/2.10.190
- version/icewarp email server/5.5.4
- version/icewarp email server/7.4.2
- version/icewarp email server/7.2.0
- version/icewarp webmail server/2.10.310
- version/icewarp webmail server/9.2.0
- version/icewarp email server/6.0.5
- version/icewarp webmail server/8.0.1
- version/icewarp email server/5.3.0
- version/icewarp webmail server/7.4.0
- version/icewarp webmail server/2.10.110
- version/icewarp webmail server/2.10.350
- version/icewarp email server/5.4.2
- version/icewarp email server/2.10.165
- version/icewarp webmail server/7.5.2
- version/icewarp email server/2.10.260
- version/icewarp webmail server/5.8.5
- version/icewarp email server/2.10.350
- version/icewarp webmail server/5.5.5
- version/icewarp email server/4.4.1
- version/icewarp webmail server/5.1.5
- version/icewarp webmail server/4.10.050
- version/icewarp email server/5.5.3
- version/icewarp email server/3.00.110
- version/icewarp email server/4.2.1
- version/icewarp email server/5.5.6
- version/icewarp webmail server/8.0.3
- version/icewarp webmail server/8.2.0
- version/icewarp email server/9.3.0
- version/icewarp webmail server/2.10.220
- version/icewarp webmail server/8.9.1
- version/icewarp email server/8.0.2
- version/icewarp webmail server/8.3.8
- version/icewarp webmail server/2.10.115
- version/icewarp webmail server/6.0.2
- version/icewarp email server/2.10.240
- version/icewarp webmail server/2.10.340
- version/icewarp email server/5.1.3
- version/icewarp email server/5.8.4
- version/icewarp email server/6.1.0
- version/icewarp webmail server/2.10.260
- version/icewarp webmail server/9.0.0
- version/icewarp email server/4.00.30
- version/icewarp webmail server/8.3.5
- version/icewarp webmail server/5.3.0
- version/icewarp email server/7.5.2
- version/icewarp email server/3.10.011
- version/icewarp webmail server/3.00.110
- version/icewarp email server/3.10.110
- version/icewarp webmail server/4.4.2
- version/icewarp webmail server/4.2.2
- version/icewarp email server/8.0.3
- version/icewarp email server/9.2.0
- version/icewarp email server/2.10.150
- version/icewarp email server/3.00.100
- version/icewarp webmail server/5.1.3