Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (30 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-2825 1 Atmail 1 Atmail Webmail 2025-04-09 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in @Mail 5.02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) links and (2) images.
CVE-2007-0953 1 Atmail 1 Atmail Webmail 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
CVE-2006-6701 1 Atmail 1 Atmail Webmail 2025-04-09 N/A
Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail.
CVE-2007-2153 1 Atmail 1 Atmail Webmail 2025-04-09 N/A
Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2006-0611 1 Atmail 1 Atmail 2025-04-03 N/A
Directory traversal vulnerability in compose.pl in @Mail 4.3 and earlier for Windows allows remote attackers to upload arbitrary files to arbitrary locations via a .. (dot dot) in the unique parameter.
CVE-2024-24133 1 Atmail 1 Atmail 2024-11-21 9.8 Critical
Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page.
CVE-2022-31200 1 Atmail 1 Atmail 2024-11-21 6.1 Medium
Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad=1&HelpFile=file.html Search Terms field.
CVE-2022-30776 1 Atmail 1 Atmail 2024-11-21 6.1 Medium
atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter.
CVE-2021-43574 1 Atmail 1 Atmail 2024-11-21 6.1 Medium
WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2012-2593 1 Atmail 1 Atmail 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email.