Published: 12/01/2014 Updated: 31/12/2016

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in Atmail Webmail Server prior to 7.2 allows remote malicious users to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element.

Vulnerable Product	Search on Vulmon	Subscribe to Product
atmail atmail
atmail atmail 7.1.5
atmail atmail 6.6.2
atmail atmail 6.6.1
atmail atmail 6.3.5
atmail atmail 6.3.4
atmail atmail 6.20.6
atmail atmail 6.20.5
atmail atmail 6.20.4
atmail atmail 7.1.1
atmail atmail 7.1.0
atmail atmail 6.4.2
atmail atmail 6.4.1
atmail atmail 6.3.1
atmail atmail 6.3.0
atmail atmail 6.20.11
atmail atmail 6.20.10
atmail atmail 7.1.4
atmail atmail 7.1.3
atmail atmail 7.1.2
atmail atmail 6.6.0
atmail atmail 6.5.0
atmail atmail 6.3.3
atmail atmail 6.3.2
atmail atmail 6.20.13
atmail atmail 6.20.12
atmail atmail 6.6.4
atmail atmail 6.6.3
atmail atmail 6.4.0
atmail atmail 6.3.6
atmail atmail 6.20.8
atmail atmail 6.20.7

source: wwwsecurityfocuscom/bid/64779/info Atmail Webmail Server is prone to an HTML-injection vulnerability Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is re ...

CWE-79 http://atmail.com/changelog/http://www.kb.cert.org/vuls/id/204950 http://osvdb.org/101937 http://www.securityfocus.com/bid/64779 https://nvd.nist.gov https://www.exploit-db.com/exploits/39015/https://www.kb.cert.org/vuls/id/204950

CVE-2013-6017

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect