CVE-2017-17752

MEDIUM

6.1

CVSS Severity Score

EPSS Score0.0260%

EPSS Percentile31.61th

PublishedDec 20, 2017

Last ModifiedMay 13, 2026

Vulnerability Description

Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version 4.2.4.

Affected Platforms (CPE)

📦

Codecrafters

Ability Mail Server

= 3.3.2

References & Advisories

🔗 https://www.exploit-db.com/exploits/43378/

Related Vulnerabilities

CVE-2004-24957.8

The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail Server 1.18 allow remote attackers to cause a denial of service ...

CVE-2019-95576.1

Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the vi...

CVE-2009-34455.0

Unspecified vulnerability in Code-Crafters Ability Mail Server before 2.70 allows remote attackers to cause a denial of service (d...

CVE-2004-24944.3

Cross-site scripting (XSS) vulnerability in _error in Ability Mail Server 1.18 allows remote attackers to inject arbitrary web scr...