Vulnerability Note VU#204950
Atmail Webmail Server version 7.1.3 contains cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - CVE-2013-6017
Atmail Webmail Server version 7.1.3 contains a stored cross-site scripting (XSS) vulnerability. An attacker can place the stored XSS payload in an e-mail body and send it to another user on the mail system, which allows the attacker to inject arbitrary HTML content (including script). This may allow the attacker to steal authentication cookies or other sensitive information.
Apply an Update
Vendor Information
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| AtMail | Affected | 04 Sep 2013 | 08 Oct 2013 |
CVSS Metrics
Thanks to Zhao Liang of Beijing Leadsec Technology Co., Ltd for reporting this vulnerability.
This document was written by Adam Rauf & Jared Allar.
- CVE IDs: CVE-2013-6017 CVE-2013-6028
- Date Public: 01 Dec 2013
- Date First Published: 10 Jan 2014
- Date Last Updated: 10 Jan 2014
- Document Revision: 46