| Title | Kerio Connect KerioConnect 10.0.6 Cross Site Scripting |
|---|
| Description | 1.Stored XSS . Exposed Address: Settings/Email/Signature/EditHtmlSource
2.When a file with a malicious JavaScript code in its name is uploaded to the system, it is displayed again on the page within the input field without being sanitized. This creates the potential for an XSS attack. |
|---|
| Source | ⚠️ https://github.com/0xs1ash/poc/blob/main/xss.md |
|---|
| User | slash0x99 (UID 77812) |
|---|
| Submission | 03/19/2025 13:29 (1 Year ago) |
|---|
| Moderation | 03/30/2025 09:48 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 302027 [GFI KerioConnect 10.0.6 Signature EditHtmlSource cross site scripting] |
|---|
| Points | 17 |
|---|