5 matches found
CVE-2007-2825
CVE-2007-2825 affects ReadMsg.php in @Mail 5.02 and earlier, where multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, specifically using (1) links and (2) images. The vulnerability is documented across multipl...
CVE-2007-0953
CVE-2007-0953 is an XSS vulnerability in the @Mail product (search.pl) up to version 4.61. The issue occurs when processing the keywords parameter in the search function, allowing remote attackers to inject arbitrary web script or HTML. Exploitation details are not provided in the connected docum...
CVE-2006-6702
The connected Nessus entry for Atmail Webmail identifies CVE-2006-6702 as a cross-site scripting (XSS) flaw in Global.pm affecting Atmail Webmail 4.x prior to 4.6.1 (4.61). The vulnerability arises from an input‑validation error in Global.pm that could allow arbitrary web script or HTML to be inj...
CVE-2007-2153
CVE-2007-2153 is a cross-site scripting (XSS) vulnerability in the atmail.php component of @Mail 5.0. The issue allows remote attackers to inject arbitrary web script or HTML via the username parameter. The CVSS v2 base score is 6.8 (Medium) with network attack vector, no authentication, and part...
CVE-2006-6701
CVE-2006-6701 affects Atmail WebMail: CSRF in util.pl (4.51) and util.php (5.x before 5.03) enables remote manipulation of settings as another user via a crafted HTML email (SRC in IMG). Mitigation: upgrade to 5.0.3 (or later) or apply vendor patches as described in connected advisories.