An issue exists in SuperWebMailer 9.00.0.01710. It allows keepalive.php XSS via a GET parameter.
superwebmailer superwebmailer 9.00.0.01710