GFI Kerio Connect Cross-Site Scripting Vulnerability in Signature Handler
Vulnerability
A stored cross-site scripting vulnerability has been identified in GFI Kerio Connect version 10.0.6. The issue arises in the Signature Handler component, specifically within the Settings/Email/Signature/EditHtmlSource file. The vulnerability allows for the injection of malicious JavaScript, which is executed without proper sanitization. This issue can be exploited remotely, but requires user interaction.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.
Reproduction
The vulnerability can be reproduced by uploading a file containing malicious JavaScript in its name. Once uploaded, the file is displayed in the EditHtmlSource section without any sanitization, allowing the script to execute. Alternatively, the vulnerability can be reproduced by entering unescaped JavaScript into the EditHtmlSource section, which is then reflected and executed without proper sanitization.
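The following is an added example, not code from Kerio Connect or from the original advisory. It contrasts the rendering pattern described above (an uploaded file's name placed into markup as-is) with a version that encodes the name for the HTML context. The function names, the `cid:upload` source value and the markup shape are assumptions made for illustration.

```javascript
// Added example: names and markup shape are assumptions, not Kerio Connect code.

// Characters that change meaning in HTML text or quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Single-pass replacement, so an existing '&' is encoded once and never doubled.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Pattern described on the page: the file name is concatenated into markup as-is.
function renderUploadUnsafe(fileName) {
  return '<img src="cid:upload" alt="' + fileName + '">';
}

// Hardened form: the name is treated as data and encoded for the attribute context.
function renderUploadSafe(fileName) {
  return '<img src="cid:upload" alt="' + escapeHtml(fileName) + '">';
}

// Count element start tags in a fragment; a correct render of one upload yields exactly one.
function countStartTags(html) {
  return (html.match(/<[a-zA-Z][^<>]*>/g) || []).length;
}

// Constructed sample: a file name carrying quote and angle-bracket characters.
const SAMPLE_NAME = 'logo"><i>injected</i>.png';

// Render the same name both ways and report how many elements each output contains.
function compare(fileName) {
  return {
    unsafeTags: countStartTags(renderUploadUnsafe(fileName)),
    safeTags: countStartTags(renderUploadSafe(fileName)),
    safeHtml: renderUploadSafe(fileName),
  };
}

console.log(compare(SAMPLE_NAME));
```

A start-tag count above one for a single upload means the file name escaped its attribute and was parsed as markup, which makes this a usable regression check for the fix.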
