CVE-2021-43574

MEDIUM NUCLEI

Atmail 6.5.0 - XSS

Title source: llm

Description

WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Nuclei Templates (1)

Atmail 6.5.0 - Cross-Site Scripting

MEDIUMVERIFIEDby arafatansari,ritikchaddha

Shodan: http.html:"Powered by Atmail" || http.html:"powered by atmail" || http.html:"atmail"

FOFA: body="powered by atmail" || body="atmail"

References (2)

[Vendor Advisory] https://help.atmail.com/hc/en-us/sections/115003283988

[Various Sources] https://medium.com/%40bhattronit96/cve-2021-43574-696041dcab9e

Scores

CVSS v3 6.1

EPSS 0.2705

EPSS Percentile 96.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

atmail/atmail 6.5.0

Published Nov 15, 2021

Tracked Since Feb 18, 2026