CVE-2011-4540

Atmail Open - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in AtMail Open (aka AtMail Open-Source edition) 1.04 allow remote attackers to inject arbitrary web script or HTML via the func parameter to (1) ldap.php or (2) search.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by DognÃ¦dis · textwebappsphp

https://www.exploit-db.com/exploits/36401

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] http://osvdb.org/77330

[Third Party Advisory] http://secunia.com/advisories/47012

[Exploit] https://www.dognaedis.com/vulns/DGS-SEC-1.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/50792

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/50877

[Third Party Advisory] http://secunia.com/advisories/48308

Scores

EPSS 0.0527

EPSS Percentile 89.9%

Classification

CWE

CWE-79

Status published

Affected Products (2)

atmail/atmail_open

n/a/n/a

Timeline

Published Dec 01, 2011

Tracked Since Feb 18, 2026