Vulnerabilities > Atmail > Atmail > 7.0.2

DATE CVE VULNERABILITY TITLE RISK
2017-07-25 CVE-2017-11617 Cross-site Scripting vulnerability in Atmail
Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes.
network
low complexity
atmail CWE-79
6.1
6.1
2017-06-08 CVE-2017-9519 Cross-Site Request Forgery (CSRF) vulnerability in Atmail
atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account.
network
low complexity
atmail CWE-352
8.8
8.8
2017-06-08 CVE-2017-9518 Cross-Site Request Forgery (CSRF) vulnerability in Atmail
atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails.
network
low complexity
atmail CWE-352
8.8
8.8
2017-06-08 CVE-2017-9517 Cross-Site Request Forgery (CSRF) vulnerability in Atmail
atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV.
network
low complexity
atmail CWE-352
8.8
8.8