// For flags

CVE-2003-0488

Kerio MailServer 5.6.3 - Web Mail ADD_ACL Module Cross-Site Scripting

Severity Score

5.1
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

5
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer 5.6.3 allow remote attackers to insert arbitrary web script via (1) the add_name parameter in the add_acl module, or (2) the alias parameter in the do_map module.

Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Kerio MailServer 5.6.3 permite a atacantes remotos insertar script web arbitrario mediante
el parámetro add_name en el módulo add_acl, o
el parámetro alias en el módulo do_map.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2003-06-18 First Exploit
  • 2003-06-27 CVE Reserved
  • 2003-06-28 CVE Published
  • 2024-08-08 CVE Updated
  • 2024-11-05 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Kerio
Search vendor "Kerio"
 Kerio Mailserver
Search vendor "Kerio" for product "Kerio Mailserver"
 5.6.3
Search vendor "Kerio" for product "Kerio Mailserver" and version "5.6.3"
-
Affected