PT-2003-1662 · Kerio · Kerio Mailserver
David F. Madrid
·
Published
2003-06-28
·
Updated
2017-07-11
·
CVE-2003-0488
CVSS v2.0
5.1
Medium
| Vector | AV:N/AC:H/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Kerio MailServer version 5.6.3
Description:
Kerio MailServer 5.6.3 contains multiple cross-site scripting (XSS) vulnerabilities and buffer-overrun vulnerabilities in its web mail component. A remote attacker can exploit the XSS vulnerabilities by enticing a victim user to follow a malicious link, allowing arbitrary web script to be injected via the add_name parameter of the add_acl module or the alias parameter of the do_map module; the script then runs in the victim's browser in the context of the web mail session. Additionally, the web mail component mishandles usernames of excessive length, causing a buffer overrun that may result in the execution of arbitrary code with the privileges of the Kerio MailServer process.
Recommendations:
For Kerio MailServer version 5.6.3, consider disabling the add_acl and do_map modules until a patch is available. Restrict access to the web mail component (for example, to trusted networks only) to minimize the risk of exploitation; this also reduces exposure to the buffer-overrun vulnerability, which has no workaround short of a patch. Note that the malicious add_name and alias values are supplied by the attacker in the crafted link, not chosen by the victim, so users should be warned not to follow links to the web mail interface from untrusted sources while the affected modules remain enabled. Reviewing the web server logs for requests to these modules that carry HTML metacharacters in those parameters, or for unusually long username values, can reveal exploitation attempts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
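The log review suggested above, as an added example that is not part of this advisory and is not Kerio's own code: a small Python scanner that reads web-server access log lines and flags requests matching the two issue classes described here, namely HTML or script metacharacters in the add_name parameter of the add_acl module or the alias parameter of the do_map module, and over-long username values. The Common Log Format layout, the assumption that the module name is the last path component and that parameters travel in the query string, the hypothetical /webmail/ paths, the sample log lines and the 64-character username bound are all constructed for illustration and are not taken from Kerio MailServer.

```python
# Added example (not from the advisory or from Kerio): scan web-server access
# log lines for requests matching the two issue classes in the advisory:
# reflected XSS probes against add_acl.add_name and do_map.alias, and
# over-long usernames. Assumptions (not Kerio-specific): Common Log Format,
# module name as the last path component, parameters in the query string,
# and 64 characters as a sane username bound.
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# module -> parameters the advisory names as XSS sinks
XSS_PARAMS = {"add_acl": {"add_name"}, "do_map": {"alias"}}

# Characters and tokens that have no business in a display name or alias.
XSS_META = re.compile(r"""[<>"']|javascript:|\bon\w+\s*=""", re.IGNORECASE)

MAX_USERNAME = 64  # assumed upper bound for illustration, not a Kerio limit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def analyze_request(target):
    """Return a list of finding tags for one request target (path?query)."""
    findings = []
    parts = urlsplit(target)
    module = parts.path.rsplit("/", 1)[-1]
    params = parse_qs(parts.query, keep_blank_values=True)

    for name in XSS_PARAMS.get(module, ()):
        for value in params.get(name, []):
            # parse_qs already decoded one layer; decode once more so a
            # double-encoded probe (%253C) is caught as well.
            if XSS_META.search(value) or XSS_META.search(unquote_plus(value)):
                findings.append(f"xss-probe:{module}.{name}")
                break

    for value in params.get("username", []):
        if len(value) > MAX_USERNAME:
            findings.append(f"long-username:{len(value)}")
            break

    return findings


def scan_log(lines):
    """Return (client_ip, target, findings) for every suspicious log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not Common Log Format; skip rather than guess
        findings = analyze_request(m.group("target"))
        if findings:
            hits.append((m.group("ip"), m.group("target"), findings))
    return hits


# Constructed sample log lines (not real traffic; paths are hypothetical).
SAMPLE_LOG = [
    '10.0.0.5 - - [28/Jun/2003:10:00:01 +0200] "GET /webmail/add_acl'
    '?add_name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512',
    '10.0.0.5 - - [28/Jun/2003:10:00:02 +0200] "GET /webmail/do_map'
    '?alias=bob%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 498',
    '10.0.0.7 - - [28/Jun/2003:10:00:03 +0200] "GET /webmail/do_map'
    '?alias=sales HTTP/1.1" 200 498',
    '10.0.0.9 - - [28/Jun/2003:10:00:04 +0200] "GET /webmail/login'
    '?username=' + "A" * 300 + ' HTTP/1.1" 401 0',
    '10.0.0.7 - - [28/Jun/2003:10:00:05 +0200] "GET /webmail/index'
    '?add_name=%3Cb%3Ex HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for ip, target, findings in scan_log(SAMPLE_LOG):
        print(ip, findings, target[:60])
```

On the sample input the scanner reports the add_acl and do_map probes from 10.0.0.5 and the 300-character username from 10.0.0.9, and ignores the benign alias lookup. The last line, which carries an add_name value to a module the advisory does not name, is deliberately not flagged: the check is scoped to the parameters the advisory identifies, so widen XSS_PARAMS if the same sink pattern is suspected elsewhere.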
Affected Products
Kerio Mailserver