CyberSec.Space Logo
Back to CVE Browser

CVE-2019-9557

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.1440%
EPSS Percentile19.91th
PublishedMar 12, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe.

Affected Platforms (CPE)

📦
Codecrafters

Ability Mail Server

= 4.2.6

References & Advisories

🔗 https://packetstormsecurity.com/files/151958/Ability-Mail-Server-4.2.6-Cross-Site-Scripting.html
🔗 https://packetstormsecurity.com/files/151958/Ability-Mail-Server-4.2.6-Cross-Site-Scripting.html

Related Vulnerabilities

CVE-2004-24957.8

The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail Server 1.18 allow remote attackers to cause a denial of service ...

CVE-2017-177526.1

Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the R...

CVE-2009-34455.0

Unspecified vulnerability in Code-Crafters Ability Mail Server before 2.70 allows remote attackers to cause a denial of service (d...

CVE-2004-24944.3

Cross-site scripting (XSS) vulnerability in _error in Ability Mail Server 1.18 allows remote attackers to inject arbitrary web scr...