CVE-2007-5046

Name of the Vulnerable Software and Affected Versions IceWarp Merak Mail Server versions prior to 9.0.0

Description The issue is related to a cross-site scripting (XSS) vulnerability in the Webmail interface. This vulnerability allows remote attackers to inject arbitrary JavaScript code via a javascript: URI in an attribute of an element in an email message body. For example, this can be achieved by using the onload attribute in a BODY element.

Recommendations For versions prior to 9.0.0, update to version 9.0.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of JavaScript in email messages to minimize the risk of exploitation.