ArGoSoft Mail Server HTML tag filter cross-site scripting

argosoft-mail-server-html-tag-filter-xss (20225). The risk level is classified as Medium Risk.

Description:

ArGoSoft Mail Server is vulnerable to cross-site scripting in the Web mail interface, caused by improper filtering of HTML tags in email messages. A remote attacker could send a malicious email containing embedded JavaScript, which would be executed in the victim's Web browser, within the security context of the mail server, once the message is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Platforms Affected:

  • ArGoSoft, ArGoSoft Mail Server Pro 1.8.7.6

Remedy:

No remedy available as of July 4, 2009.

Consequences:

Gain Access

References:

  • ArGoSoft Mail Server, ArGoSoft Mail Server Web site at http://www.argosoft.com/mailserver/.
  • BugTraq Mailing List, Fri Apr 22 2005 - 10:17:01 CDT, Multiple vulnerabilities in Argosoft Mail Server 1.8.7.6 at http://archives.neohapsis.com/archives/bugtraq/2005-04/0361.html.
  • BID-13326: ArGoSoft Mail Server Email Message HTML Injection Vulnerability
  • CVE-2005-1282: Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the src parameter in an IMG tag, (2) User settings, or (3) Address book input boxes in the webmail interface.
  • SA15100: Argosoft Mail Server Cross-Site Scripting and Script Insertion

Reported:

Apr 22, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
