CVE-2007-0953

Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.

Link	Resource
http://lostmon.blogspot.com/2007/02/mail-searchpl-keywords-variable-cross.html
http://www.securityfocus.com/bid/22552
http://secunia.com/advisories/24155	Vendor Advisory
http://kb.atmail.com/?p=410
http://osvdb.org/33193
http://www.vupen.com/english/advisories/2007/0603
https://exchange.xforce.ibmcloud.com/vulnerabilities/32483

Configuration 1

cpe:2.3:a:atmail:atmail_webmail:4.6:*:*:*:*:*:*:* cpe:2.3:a:atmail:atmail_webmail:4.11:*:freebsd:*:*:*:*:* cpe:2.3:a:atmail:atmail_webmail:4.11:*:solaris:*:*:*:*:* cpe:2.3:a:atmail:atmail_webmail:4.51:*:*:*:*:*:*:* cpe:2.3:a:atmail:atmail_webmail:4.11:*:hp-ux:*:*:*:*:* cpe:2.3:a:atmail:atmail_webmail:4.11:*:linux:*:*:*:*:* cpe:2.3:a:atmail:atmail_webmail:4.11:*:mac_os_x:*:*:*:*:* cpe:2.3:a:atmail:atmail_webmail:4.3:*:windows:*:*:*:*:* cpe:2.3:a:atmail:atmail_webmail:4.61:*:*:*:*:*:*:*

---

Published : 2007-02-15 02:28

Updated : 2017-07-29 01:30

---

NVD link : CVE-2007-0953

Mitre link : CVE-2007-0953

No products.

NVD-CWE-Other