Filtered by vendor Atmail
Subscribe
Total
32 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2153 | 1 Atmail | 1 Atmail Webmail | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2007-0953 | 1 Atmail | 1 Atmail Webmail | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | |||||
| CVE-2007-2825 | 1 Atmail | 1 Atmail Webmail | 2025-04-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in @Mail 5.02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) links and (2) images. | |||||
| CVE-2006-6701 | 1 Atmail | 1 Atmail Webmail | 2025-04-09 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail. | |||||
| CVE-2006-6702 | 1 Atmail | 1 Atmail Webmail | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before 4.61 allows remote attackers to inject arbitrary web script or HTML via crafted e-mail messages. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6704 | 1 Atmail | 1 Atmail Webadmin | 2025-04-09 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail before 4.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "unescaped data in the database." | |||||
| CVE-2006-0611 | 1 Atmail | 1 Atmail | 2025-04-03 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in compose.pl in @Mail 4.3 and earlier for Windows allows remote attackers to upload arbitrary files to arbitrary locations via a .. (dot dot) in the unique parameter. | |||||
| CVE-2024-24133 | 1 Atmail | 1 Atmail | 2024-11-21 | N/A | 9.8 CRITICAL |
| Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page. | |||||
| CVE-2022-31200 | 1 Atmail | 1 Atmail | 2024-11-21 | N/A | 6.1 MEDIUM |
| Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad=1&HelpFile=file.html Search Terms field. | |||||
| CVE-2022-30776 | 1 Atmail | 1 Atmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter. | |||||
| CVE-2021-43574 | 1 Atmail | 1 Atmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2012-2593 | 1 Atmail | 1 Atmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email. | |||||