Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability.
http://www.vupen.com/english/advisories/2005/0816
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101770-1