Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2010-4930

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2010-4930
Last Modified 13 Feb 2012 11:02:37
Published 09 Oct 2011 06:55:21
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2010-4930

Summary

Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail before 6.2.0 allows remote attackers to inject arbitrary web script or HTML via the MailType parameter in a mail/auth/processlogin action.

Vulnerable Systems

Application

  • Atmail Webmail 6.1.2

  • Atmail Webmail 6.1.3

  • Atmail Webmail 6.1.4

  • Atmail Webmail 6.1.5

  • Atmail Webmail 6.1.6

  • Atmail Webmail 6.1.7

  • Atmail Webmail 6.1.8

  • Atmail Webmail 6.1.9


References

XF - atmail-index-xss(61958)

BID - 43377

BUGTRAQ - 20100921 [ISecAuditors Security Advisories] Reflected XSS in Atmail WebMail < v6.2.0

SECUNIA - 41555

OSVDB - 68183

SREASON - 8455


Last Updated: 27 May 2016 10:58:13