Atmail Webmail 4.x < 4.6.1 (4.61) 'Global.pm' Cross-site Scripting

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote web server contains an application that is affected by a
cross-site scripting vulnerability.

Description :

According to its version, the Atmail Webmail install on the remote
host is 4.x prior to 4.6.1 (4.61). It is, therefore, potentially
affected by an input-validation error in the file 'Global.pm' that could
allow cross-site scripting (XSS) attacks.

See also :

http://freecode.com/projects/atmail/releases/244195
http://www.netragard.com/research/ATMAIL-XSS-NETRAGARD-20061206.txt

Solution :

Upgrade to Atmail Webmail 4.6.1 (4.61) or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: CGI abuses : XSS

Nessus Plugin ID: 73616

Bugtraq ID:

CVE ID: CVE-2006-6702