CVE-2008-2831

Name of the Vulnerable Software and Affected Versions MailMarshal SMTP versions 6.0.3.8 through 6.3.0.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the delegated spam management feature of the Spam Quarantine Management (SQM) component. These vulnerabilities allow user-assisted remote authenticated users to inject arbitrary web script or HTML via the list of blocked senders or the list of safe senders.

Recommendations For MailMarshal SMTP versions 6.0.3.8 through 6.3.0.0, consider restricting access to the delegated spam management feature until a fix is available. As a temporary workaround, avoid using the lists of blocked and safe senders in the SQM component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.