CVE-2010-4930

Description

Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail before 6.2.0 allows remote attackers to inject arbitrary web script or HTML via the MailType parameter in a mail/auth/processlogin action.

Affected products

• Atmail / webmail6.1.9
• Atmail / webmail6.1.2 – 6.1.2
• Atmail / webmail6.1.3 – 6.1.3
• Atmail / webmail6.1.4 – 6.1.4
• Atmail / webmail6.1.5 – 6.1.5
• Atmail / webmail6.1.6 – 6.1.6
• Atmail / webmail6.1.7 – 6.1.7
• Atmail / webmail6.1.8 – 6.1.8

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/41555
• MISChttp://osvdb.org/68183
• MISChttp://www.securityfocus.com/bid/43377
• MISChttp://securityreason.com/securityalert/8455
• MISChttp://www.securityfocus.com/archive/1/513890/100/0/threaded
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/61958