Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atmail atmail vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2024-24133
Atmail v6.6.0 exists to contain a SQL injection vulnerability via the username parameter on the login page.
Atmail Atmail 6.6.0
Atmail Atmail 6.3.0
6.1
CVSSv3
CVE-2022-31200
Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad=1&HelpFile=file.html Search Terms field.
Atmail Atmail 5.62
6.1
CVSSv3
CVE-2022-30776
atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter.
Atmail Atmail 6.5.0
6.1
CVSSv3
CVE-2021-43574
WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Atmail Atmail 6.5.0
6.1
CVSSv3
CVE-2012-2593
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote malicious users to inject arbitrary web script or HTML via the Date field of an email.
Atmail Atmail 6.4.0
1 EDB exploit
8 Github repositories
6.1
CVSSv3
CVE-2017-11617
Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote malicious users to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes.
Atmail Atmail
8.8
CVSSv3
CVE-2017-9517
atmail prior to 7.8.0.2 has CSRF, allowing an malicious user to upload and import users via CSV.
Atmail Atmail
8.8
CVSSv3
CVE-2017-9518
atmail prior to 7.8.0.2 has CSRF, allowing an malicious user to change the SMTP hostname and hijack all emails.
Atmail Atmail
8.8
CVSSv3
CVE-2017-9519
atmail prior to 7.8.0.2 has CSRF, allowing an malicious user to create a user account.
Atmail Atmail
NA
CVE-2013-2585
Cross-site scripting (XSS) vulnerability in Atmail Webmail Server 6.6.x prior to 6.6.3 and 7.0.x prior to 7.0.3 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId/<MessageID&g...
Atmail Atmail 7.0.0
Atmail Atmail 6.6.0
Atmail Atmail 7.0.1
Atmail Atmail 6.6.2
Atmail Atmail 6.6.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »