CVE-2010-4930

@mail <6.2.0 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail before 6.2.0 allows remote attackers to inject arbitrary web script or HTML via the MailType parameter in a mail/auth/processlogin action.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Vicente Aguilera Diaz · textwebappsphp
https://www.exploit-db.com/exploits/34690

References (6)

Scores

EPSS 0.0455
EPSS Percentile 89.1%

Classification

CWE
CWE-79
Status published

Affected Products (9)

atmail/webmail < 6.1.9
atmail/webmail
atmail/webmail
atmail/webmail
atmail/webmail
atmail/webmail
atmail/webmail
atmail/webmail
n/a/n/a

Timeline

Published Oct 09, 2011
Tracked Since Feb 18, 2026