Multiple cross-site scripting (XSS) vulnerabilities in the View Headers (aka viewheaders) functionality in ArGoSoft Mail Server Pro 1.8.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the Subject header, (2) the From header, and (3) certain other unspecified headers.
secunia.com/advisories/18991
secunia.com/secunia_research/2006-6/advisory/
securityreason.com/securityalert/504
www.osvdb.org/23512
www.securityfocus.com/archive/1/426206/100/0/threaded
www.securityfocus.com/bid/16834
www.vupen.com/english/advisories/2006/0751
exchange.xforce.ibmcloud.com/vulnerabilities/24945