Description
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by muts · pythonremotelinux
https://www.exploit-db.com/exploits/20009
References (2)
Core 2
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://www.exploit-db.com/exploits/20009
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/54630
Scores
CVSS v3
6.1
EPSS
0.0566
EPSS Percentile
90.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
atmail/atmail
6.4.0
Published
Feb 06, 2020
Tracked Since
Feb 18, 2026