Vulnerabilities > CVE-2006-6702 - Cross-Site Scripting vulnerability in Atmail Webmail
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before 4.61 allows remote attackers to inject arbitrary web script or HTML via crafted e-mail messages. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 8 |
Nessus
| NASL family | CGI abuses : XSS |
| NASL id | ATMAIL_WEBMAIL_4_61.NASL |
| description | According to its version, the Atmail Webmail install on the remote host is 4.x prior to 4.6.1 (4.61). It is, therefore, potentially affected by an input-validate error in the file |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 73616 |
| published | 2014-04-18 |
| reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/73616 |
| title | Atmail Webmail 4.x < 4.6.1 (4.61) 'Global.pm' XSS |