CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 1CVE-2013-6017 – Atmail Webmail Server - Email Body HTML Injection
https://notcve.org/view.php?id=CVE-2013-6017
Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element. Vulnerabilidad de cross-site scripting (XSS) en Atmail Webmail Server anteriores a 7.2 permite a atacantes remotos inyectar script web o HTML de forma arbitraria a través del cuerpo de un mensaje de email, como fue demostrado con el atributo SRC en un elemento IFRAME. • https://www.exploit-db.com/exploits/39015 http://atmail.com/changelog http://osvdb.org/101937 http://www.kb.cert.org/vuls/id/204950 http://www.securityfocus.com/bid/64779 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •