Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for Windows allow remote attackers to inject arbitrary web script or HTML via (1) the Displayed Name attribute in util.pl and (2) the Folder attribute in showmail.pl.
Name | Vendor | Start Version | End Version |
---|---|---|---|
At_mail_webmail_system | Calacode | 3.64 (including) | 3.64 (including) |