CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2011-4540 – AtMail 1.04 - 'func' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2011-4540
Multiple cross-site scripting (XSS) vulnerabilities in AtMail Open (aka AtMail Open-Source edition) 1.04 allow remote attackers to inject arbitrary web script or HTML via the func parameter to (1) ldap.php or (2) search.php. Varias vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en AtMail Open (también conocido como AtMail Open-Source Edition) v1.04 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro func a (1) ldap.php o (2) search.php. • https://www.exploit-db.com/exploits/36401 http://osvdb.org/77330 http://secunia.com/advisories/47012 http://secunia.com/advisories/48308 http://www.securityfocus.com/bid/50792 http://www.securityfocus.com/bid/50877 https://www.dognaedis.com/vulns/DGS-SEC-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •