CVE-2009-1467

Name of the Vulnerable Software and Affected Versions IceWarp eMail Server and WebMail Server versions prior to 9.4.2

Description The issue allows remote attackers to inject arbitrary web script or HTML, related to incorrect HTML filtering in the cleanHTML function and the getHTML function. This can occur via the body of a message in the email view, or through the title, link, or description element in an RSS feed.

Recommendations For versions prior to 9.4.2, update to version 9.4.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of HTML in email messages and RSS feeds to minimize the risk of exploitation.