Description
Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
Affected products
- Atmail / atmail_webmail4.3 – 4.3
- Atmail / atmail_webmail4.6 – 4.6
- Atmail / atmail_webmail4.11 – 4.11
- Atmail / atmail_webmail4.11 – 4.11
- Atmail / atmail_webmail4.11 – 4.11
- Atmail / atmail_webmail4.11 – 4.11
- Atmail / atmail_webmail4.11 – 4.11
- Atmail / atmail_webmail4.51 – 4.51
- Atmail / atmail_webmail4.61 – 4.61
References
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/32483
- MISChttp://www.securityfocus.com/bid/22552
- MISChttp://kb.atmail.com/?p=410
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/0603
- MISChttp://lostmon.blogspot.com/2007/02/mail-searchpl-keywords-variable-cross.html
- MISChttp://osvdb.org/33193
- VENDOR_ADVISORYhttp://secunia.com/advisories/24155