Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
atmail atmail vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2024-24133
Atmail v6.6.0 exists to contain a SQL injection vulnerability via the username parameter on the login page.
Atmail Atmail 6.6.0
Atmail Atmail 6.3.0
8.8
CVSSv3
CVE-2017-9517
atmail prior to 7.8.0.2 has CSRF, allowing an malicious user to upload and import users via CSV.
Atmail Atmail
8.8
CVSSv3
CVE-2017-9519
atmail prior to 7.8.0.2 has CSRF, allowing an malicious user to create a user account.
Atmail Atmail
8.8
CVSSv3
CVE-2017-9518
atmail prior to 7.8.0.2 has CSRF, allowing an malicious user to change the SMTP hostname and hijack all emails.
Atmail Atmail
6.1
CVSSv3
CVE-2022-31200
Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad=1&HelpFile=file.html Search Terms field.
Atmail Atmail 5.62
6.1
CVSSv3
CVE-2022-30776
atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter.
Atmail Atmail 6.5.0
6.1
CVSSv3
CVE-2021-43574
WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
Atmail Atmail 6.5.0
6.1
CVSSv3
CVE-2012-2593
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote malicious users to inject arbitrary web script or HTML via the Date field of an email.
Atmail Atmail 6.4.0
1 EDB exploit
8 Github repositories
6.1
CVSSv3
CVE-2017-11617
Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote malicious users to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes.
Atmail Atmail
NA
CVE-2013-2585
Cross-site scripting (XSS) vulnerability in Atmail Webmail Server 6.6.x prior to 6.6.3 and 7.0.x prior to 7.0.3 allows remote malicious users to inject arbitrary web script or HTML via the PATH_INFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId/<MessageID&g...
Atmail Atmail 6.6.0
Atmail Atmail 7.0.0
Atmail Atmail 7.0.1
Atmail Atmail 6.6.1
Atmail Atmail 6.6.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »