• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Kerio MailServer Web Mail Multiple Cross Site Scripting Vulnerabilities

Reportedly, Kerio Mailserver is vulnerable to cross site scripting attacks. The vulnerability is present in Kerio Mailserver's web mail component.

An attacker may exploit this vulnerability by causing a victim user to follow a malicious link. Exploitation may result in the compromise of authentication data, or in script code taking actions as the authenticated user.

*** The vendor has stated that this is not a vulnerability.

*** Proof of concept has been provided.