Atmail WebMail <= 5.6.0 (5.60) Email Body Injection

medium Nessus Plugin ID 38649

Synopsis

The remote host is running a webmail application with a content injection vulnerability.

Description

The version of Atmail WebMail running on the remote host is vulnerable to an email body injection attack. HTML and script code are not properly sanitized before it is displayed in dynamically generated content. This vulnerability is known to affect versions 5.6.0 (5.60) and earlier.

A remote attacker could exploit this by sending a specially crafted email to display arbitrary HTML and script code in a user's web browser.

Solution

Upgrade to Atmail WebMail version 5.6.1 (5.61) or later.

Plugin Details

Severity: Medium

ID: 38649

File Name: atmail_webmail_5_6_xss.nasl

Version: 1.17

Type: remote

Published: 4/30/2009

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:atmail:atmail

Required KB Items: www/PHP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Reference Information

BID: 34529

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990

SECUNIA: 34704