Atmail: >> Atmail Webmail Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in @Mail 5.02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) links and (2) images.
CVSS Score
4.3
EPSS Score
0.006
Published
2007-05-22
Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVSS Score
6.8
EPSS Score
0.006
Published
2007-04-19
Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
CVSS Score
4.3
EPSS Score
0.005
Published
2007-02-15
Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail.
CVSS Score
7.5
EPSS Score
0.007
Published
2006-12-23
Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before 4.61 allows remote attackers to inject arbitrary web script or HTML via crafted e-mail messages. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVSS Score
6.8
EPSS Score
0.005
Published
2006-12-23