The company I work for needed a new mail server to replace the old qmail server that was running. We also need PCI compliance for business purposes. When we were scanned for PCI compliance, WebCit created issues. The issues are as follows:
Cross-site scripting vulnerability
Missing HTTP only
Missing secure flag only
The second two might not be directly related to WebCit.
I am sharing this information in case anyone else plans to use WebCit for company email within a company that needs PCI compliance, or if someone would like to take a look into this and fix it. In conclusion, do not allow people outside of your internal network access to WebCit.
