https://www.exploit-db.com/exploits/26311
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200510-001

IceWarpWebMail(冰星网上邮件系统)是支持中日文邮件的网页邮件(WebMail)服务器引擎MERAKMailServer8.2.4r的IcewarpWebMail5.5.1及可能的早期版本存在多个跨站脚本攻击(XSS)漏洞。远程攻击者可以借助(1)对blank.html的id参数，或对(2)calendar_d.html，(3)calendar_m.html或(4)calendar_w.html的createdataCX参数，注入任意web脚本或HTML。

source: http://www.securityfocus.com/bid/14980/info
   
IceWarp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
   
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks. 

http://www.example.com:32000/mail/calendar_w.html?schedule=1&print=1&createdataCX=[xss_here]

来源:BID
名称:14980
链接:http://www.securityfocus.com/bid/14980
来源:SECUNIA
名称:17046
链接:http://secunia.com/advisories/17046/
来源:BUGTRAQ
名称:20050930MultiplevulnerabilitiesinMerakMailServer8.2.4rwithIcewarpWebMail5.5.1
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112810385104168&w;=2
来源:VUPEN
名称:ADV-2005-1933
链接:http://www.frsirt.com/english/advisories/2005/1933