CVE-2011-4540

AtMail Open 1.04 - Cross-Site Scripting via func Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4540. PoCs published by Dognædis.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in AtMail 1.0.4, where user-supplied input is not properly sanitized. It includes example URLs demonstrating the vulnerability but lacks executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in AtMail Open (aka AtMail Open-Source edition) 1.04 allow remote attackers to inject arbitrary web script or HTML via the func parameter to (1) ldap.php or (2) search.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Dognædis · textwebappsphp
https://www.exploit-db.com/exploits/36401

The provided text describes a cross-site scripting (XSS) vulnerability in AtMail 1.0.4, where user-supplied input is not properly sanitized. It includes example URLs demonstrating the vulnerability but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: AtMail 1.0.4
No auth needed
Prerequisites: Access to the vulnerable AtMail web application
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/50792
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/77330
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/48308
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/50877
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47012

Scores

EPSS 0.0180
EPSS Percentile 75.8%

Details

CWE
CWE-79
Status published
Products (1)
atmail/atmail_open 1.04
Published Dec 01, 2011
Tracked Since Feb 18, 2026