CVE-2009-2636

Name of the Vulnerable Software and Affected Versions Kerio MailServer versions 6.6.0 through 6.7.0

Description A cross-site scripting (XSS) issue exists in the Integration page of the WebMail component, allowing remote attackers to inject arbitrary web script or HTML via an e-mail message. This could potentially lead to unauthorized actions on the affected system.

Recommendations For Kerio MailServer versions 6.6.0 through 6.7.0, update to a version that contains a fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.