Vulnerability Details CVE-2010-4930
Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail before 6.2.0 allows remote attackers to inject arbitrary web script or HTML via the MailType parameter in a mail/auth/processlogin action.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.082
EPSS Ranking 91.9%
CVSS Severity
CVSS v2 Score 4.3
References
- http://osvdb.org/68183
- http://secunia.com/advisories/41555
- http://securityreason.com/securityalert/8455
- http://www.securityfocus.com/archive/1/513890/100/0/threaded
- http://www.securityfocus.com/bid/43377
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61958
- http://osvdb.org/68183
- http://secunia.com/advisories/41555
- http://securityreason.com/securityalert/8455
- http://www.securityfocus.com/archive/1/513890/100/0/threaded
- http://www.securityfocus.com/bid/43377
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61958
Products affected by CVE-2010-4930
-
cpe:2.3:a:atmail:webmail:*
-
cpe:2.3:a:atmail:webmail:6.1.2
-
cpe:2.3:a:atmail:webmail:6.1.3
-
cpe:2.3:a:atmail:webmail:6.1.4
-
cpe:2.3:a:atmail:webmail:6.1.5
-
cpe:2.3:a:atmail:webmail:6.1.6
-
cpe:2.3:a:atmail:webmail:6.1.7
-
cpe:2.3:a:atmail:webmail:6.1.8