A cross-site scripting (XSS) vulnerability in the redirect page of Kerio Connect 8.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a specially crafted Host header, which is improperly handled during rendering of the HTTP redirect response on the product administration port (TCP 4040).
CVSS Base Score: 6.4
Impact Subscore: 4.9
Exploitability Subscore: 10
Overall CVSS Score: 5
CVSS v2 Vector (AV:N/AC:L/Au:N/C:P/I:P/A:N/E:POC/RL:OF/RC:C)
Kerio Connect 7.0.0 - 8.3.2
Cross Site Scripting (XSS): CWE-79
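
The flaw class described above, a Host header copied into the HTML body of a redirect response, is shown here next to a hardened form that allowlists the header and escapes it on output. This is an added example, not Kerio's code and not part of the original advisory; the host names, the `/admin/` path and all function names are assumptions made for illustration.

```python
import html
import re

# Assumed deployment values (hypothetical, not taken from the advisory).
CANONICAL_HOST = "mail.example.test"
ALLOWED_HOSTS = {"mail.example.test", "mail.example.test:4040"}
ADMIN_PORT = 4040

# host[:port] built from DNS-safe characters only; quotes, angle brackets,
# whitespace and CR/LF can never match.
_HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?(?::\d{1,5})?")


def safe_host(host_header):
    """Return a host name that is safe to reflect, falling back to the canonical one."""
    if host_header and _HOST_RE.fullmatch(host_header):
        candidate = host_header.lower()
        if candidate in ALLOWED_HOSTS:
            return candidate.split(":")[0]
    return CANONICAL_HOST


def redirect_unsafe(host_header):
    """Flawed pattern: the client-supplied Host value lands verbatim in the HTML."""
    url = "https://%s/admin/" % host_header
    return '<html><body>Moved <a href="%s">here</a></body></html>' % url


def redirect_safe(host_header):
    """Hardened pattern: validate the input, then escape for the output context."""
    url = "https://%s:%d/admin/" % (safe_host(host_header), ADMIN_PORT)
    # Escaping is kept even after validation so the body stays safe if the
    # allowlist is later loosened.
    body = '<html><body>Moved <a href="%s">here</a></body></html>' % html.escape(url, quote=True)
    return url, body  # url is also the Location header value


if __name__ == "__main__":
    hostile = 'x"><i>constructed'  # constructed sample input
    print(redirect_unsafe(hostile))
    print(redirect_safe(hostile)[1])
```
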