Atmail Webmail 4.x < 4.6.1 (4.61) 'Global.pm' XSS

medium Nessus Plugin ID 73616

Synopsis

The remote web server contains an application that is affected by a cross-site scripting vulnerability.

Description

According to its version, the Atmail Webmail install on the remote host is 4.x prior to 4.6.1 (4.61). It is, therefore, potentially affected by an input-validate error in the file 'Global.pm' that could allow cross-site scripting (XSS) attacks.

Solution

Upgrade to Atmail Webmail 4.6.1 (4.61) or later.

See Also

http://freecode.com/projects/atmail/releases/244195

Plugin Details

Severity: Medium

ID: 73616

File Name: atmail_webmail_4_61.nasl

Version: 1.9

Type: remote

Published: 4/18/2014

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2006-6702

Vulnerability Information

CPE: cpe:/a:atmail:atmail

Required KB Items: www/atmail_webmail

Exploit Ease: No known exploits are available

Patch Publication Date: 1/1/2007

Vulnerability Publication Date: 12/16/2006

Reference Information

CVE: CVE-2006-6702

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990