2 matches found
CVE-2013-2585
CVE-2013-2585 is an XSS vulnerability in Atmail Webmail Server affecting 6.6.x before 6.6.3 and 7.x before 7.0.3. The flaw permits injection of arbitrary script/HTML via PATH_INFO in index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId//filenameOriginal/ (File Name parameter). Related e...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or 2 mailId paramet...