Persistent Cross Site Scripting (XSS) in Ability Mail Server 4.2.6 via Email Body

Persistent Cross Site Scripting (XSS) in Ability Mail Server 4.2.6 via Email Body

CVE-2019-9557 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe.

Learn more about our Cis Benchmark Audit For Server Software.