Hi. This is a straight forward answer to what Mr. Jaroslav Snajdr of Kerio.com mail server dev is claiming that kerio mail server is not vulnerable. To clear things up and let the people judge. by the way Mr. Snajdr im recieving emails that they confirmed that the vulnerability in ur product DO EXIST. anyway i'll proceed to the explanation in reproducing the vulnerability. We will show u if this advisory is real or Not Bec. We Wil be Releasing Another SECURITY ADVISORY against newest version of Kerio Mail Server. 1] Cross-Site Scripting Vulnerability with Kerio "secure" Web Mail module. Try this: http://keriowebmail/