|
CalaCode @mail Webmail System Cross-Site Scripting Vulnerability
It has been reported that @mail may be prone to a cross-site scripting vulnerability that may allow an attacker to execute HTML or script code in a user's browser. The issue is reported to exist due to insufficient sanitization of user-supplied data via the 'Displayed Name' of 'util.pl' script. It has been reported that this issue affects @mail version 3.64, however, earlier versions may also be vulnerable. |
|
|
Privacy Statement |
