CVE-2013-6017
Atmail < 7.1.6 - Stored Cross-Site Scripting via Email Body
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-6017. PoCs published by Zhao Liang.
AI-analyzed exploit summary This exploit demonstrates an HTML injection vulnerability in Atmail Webmail Server, allowing attacker-supplied HTML and script code to execute in the context of the affected browser. The provided iframe payload triggers a JavaScript alert, confirming the XSS vulnerability.
Description
Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element.
Exploits (1)
This exploit demonstrates an HTML injection vulnerability in Atmail Webmail Server, allowing attacker-supplied HTML and script code to execute in the context of the affected browser. The provided iframe payload triggers a JavaScript alert, confirming the XSS vulnerability.