CVE-2005-0320

Name of the Vulnerable Software and Affected Versions MERAK Mail Server version 7.6.0 with Icewarp Web Mail version 5.3.0

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via several parameters and fields, including the username parameter to "login.html", the accountid parameter to "accountsettings add.html", and the note, title, and location fields to "calendar.html".

Recommendations For MERAK Mail Server version 7.6.0 with Icewarp Web Mail version 5.3.0, consider disabling access to the "login.html", "accountsettings add.html", and "calendar.html" pages until a fix is available. Restrict the use of the username and accountid parameters, as well as the note, title, and location fields, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.