Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and previous versions; and possibly MailBee WebMail Pro ASP prior to 3.4.64, WebMail Lite ASP prior to 4.0.11, and WebMail Lite PHP prior to 4.0.22; allow remote malicious users to inject arbitrary web script or HTML via the (1) mode parameter to login.php and the (2) mode2 parameter to default.asp in an advanced_login mode.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
afterlogic mailbee webmail |
||
afterlogic mailbee webmail 3.4 |
||
afterlogic mailbee webmail 3.2 |
||
afterlogic mailbee webmail 3.3 |
||
afterlogic mailbee webmail 3.1 |