ArGoSoft Mail Server Pro Webmail viewheaders Multiple Field XSS

Medium severity, Nessus Plugin ID 20985

Synopsis

The remote web server is affected by a cross-site scripting flaw.

Description

The remote host is running ArGoSoft Mail Server Pro, a messaging system for Windows.

According to its banner, the webmail server bundled with the version of ArGoSoft Mail Server Pro installed on the remote host fails to properly filter message headers before displaying them as part of a message to users. A remote attacker may be able to exploit this issue to inject arbitrary HTML and script code into a user's browser, to be executed within the security context of the affected website.

Solution

Upgrade to ArGoSoft Mail Server Pro version 1.8.8.6 or later.

See Also

https://secuniaresearch.flexerasoftware.com/secunia_research/2006-6/advisory/

https://www.argosoft.com/rootpages/MailServer/ChangeList.aspx

Plugin Details

Severity: Medium

ID: 20985

File Name: argosoft_ms_webmail_xss.nasl

Version: 1.17

Type: remote

Published: 2/28/2006

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2/27/2006

Reference Information

CVE: CVE-2006-0978

BID: 16834

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990