| VID |
18088 |
| Severity |
30 |
| Port |
25 |
| Protocol |
TCP |
| Class |
SMTP |
| Detailed Description |
The NetWin SurgeMail server, according to its banner, has multiple cross-site scripting vulnerabilities. NetWin SurgeMail is a mail server for multiple operating systems. NetWin SurgeMail version 3.0c2 and earlier versions are vulnerable to multiple input validation vulnerabilities, caused by an unspecified vulnerability. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
* Note: This check solely relied on the banner of the remote SMTP server to assess this vulnerability, so this might be a false positive.
* Platforms Affected:
NetWin, SurgeMail versions 3.0c2 and earlier
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of NetWin SurgeMail (3.1b or later), available from the NetWin SurgeMail Web site at http://netwinsite.com/surgemail/ |
| Related URL |
(CVE) |
| Related URL |
13689 (SecurityFocus) |
| Related URL |
(ISS) |
|
