CVE-2009-1467

Severity: Unknown. EPSS: 2.39%

CVE-2009-1467 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the body of a message, related to the email view and incorrect HTML filtering in the cleanHTML function in server/inc/tools.php; or the (2) title, (3) link, or (4) description element in an RSS feed, related to the getHTML function in server/inc/rss/item.php. EPSS estimates a 2.39% chance of exploitation in the next 30 days.

Description

Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the body of a message, related to the email view and incorrect HTML filtering in the cleanHTML function in server/inc/tools.php; or the (2) title, (3) link, or (4) description element in an RSS feed, related to the getHTML function in server/inc/rss/item.php.

Metrics

EPSS Probability
2.39%

81.8th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor | Product | Versions
Icewarp | Email Server | <= 9.3.0
Icewarp | Email Server | 2.10.105
Icewarp | Email Server | 2.10.110
Icewarp | Email Server | 2.10.115
Icewarp | Email Server | 2.10.140
Icewarp | Email Server | 2.10.150
Icewarp | Email Server | 2.10.165
Icewarp | Email Server | 2.10.170
Icewarp | Email Server | 2.10.190
Icewarp | Email Server | 2.10.200
Icewarp | Email Server | 2.10.210
Icewarp | Email Server | 2.10.220
Icewarp | Email Server | 2.10.240
Icewarp | Email Server | 2.10.250
Icewarp | Email Server | 2.10.260
Icewarp | Email Server | 2.10.280
Icewarp | Email Server | 2.10.290
Icewarp | Email Server | 2.10.310
Icewarp | Email Server | 2.10.320
Icewarp | Email Server | 2.10.330
Icewarp | Email Server | 2.10.331
Icewarp | Email Server | 2.10.340
Icewarp | Email Server | 2.10.350
Icewarp | Email Server | 2.10.360
Icewarp | Email Server | 3.00.100
Icewarp | Email Server | 3.00.110
Icewarp | Email Server | 3.00.120
Icewarp | Email Server | 3.00.130
Icewarp | Email Server | 3.00.140
Icewarp | Email Server | 3.10.011
Icewarp | Email Server | 3.10.110
Icewarp | Email Server | 4.00.30
Icewarp | Email Server | 4.2.1
Icewarp | Email Server | 4.2.2
Icewarp | Email Server | 4.2.3
Icewarp | Email Server | 4.4.1
Icewarp | Email Server | 4.4.2
Icewarp | Email Server | 4.10.040
Icewarp | Email Server | 4.10.050
Icewarp | Email Server | 5.1.2
Icewarp | Email Server | 5.1.3
Icewarp | Email Server | 5.1.5
Icewarp | Email Server | 5.3.0
Icewarp | Email Server | 5.3.2
Icewarp | Email Server | 5.4.1
Icewarp | Email Server | 5.4.2
Icewarp | Email Server | 5.4.3
Icewarp | Email Server | 5.4.4
Icewarp | Email Server | 5.5.3
Icewarp | Email Server | 5.5.4

Showing 50 of 176 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2009-1467?
Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the body of a message, related to the email view and incorrect HTML filtering in the cleanHTML function in server/inc/tools.php; or the (2) title, (3) link, or (4) description element in an RSS feed, related to the getHTML function in server/inc/rss/item.php.
How severe is CVE-2009-1467?
Severity scoring for CVE-2009-1467 is pending analysis. The EPSS model estimates a 2.39% probability of exploitation in the next 30 days.
How do I fix CVE-2009-1467?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST