Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for Windows allow remote attackers to inject arbitrary web script or HTML via (1) the Displayed Name attribute in util.pl and (2) the Folder attribute in showmail.pl.
https://exchange.xforce.ibmcloud.com/vulnerabilities/15324
http://www.securityfocus.com/bid/9748
http://secunia.com/advisories/10978
http://members.lycos.co.uk/r34ct/main/%40mail_3.64/%40mail_3.64.txt