Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages.
https://exchange.xforce.ibmcloud.com/vulnerabilities/29806
http://www.vupen.com/english/advisories/2006/4183
http://www.securityfocus.com/bid/20708
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102497-1