Persistent Cross Site Scripting (XSS) in Ability Mail Server 4.2.6 via Email Body
CVE-2019-9557 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe.
Learn more about our Cis Benchmark Audit For Server Software.