Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a, and 1.0b allows remote malicious users to inject arbitrary web script or HTML via (1) javascript in onmouseover or other attributes in "safe" HTML tags such as the "b" tag, or (2) the Subject field.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kmmail kmmail 1.0 |
||
kmmail kmmail 1.0b |
||
kmmail kmmail 1.0a |