U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:atmail:atmail:6.5.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 12 matching records.
Displaying matches 1 through 12.
Vuln ID Summary CVSS Severity
CVE-2022-30776

atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter.

Published: May 16, 2022; 10:15:08 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2021-43574

** UNSUPPORTED WHEN ASSIGNED ** WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Published: November 15, 2021; 10:15:06 AM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-11617

Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes.

Published: July 25, 2017; 1:29:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-9519

atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account.

Published: June 08, 2017; 10:29:00 AM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-9518

atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails.

Published: June 08, 2017; 10:29:00 AM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2017-9517

atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV.

Published: June 08, 2017; 10:29:00 AM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2013-6028

Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts, (2) modify user accounts, (3) delete user accounts, or (4) stop the product's service.

Published: January 12, 2014; 1:34:55 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2013-6017

Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element.

Published: January 12, 2014; 1:34:55 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2013-5034

Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5033.

Published: January 12, 2014; 1:34:55 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2013-5033

Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5034.

Published: January 12, 2014; 1:34:55 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2013-5032

Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5033, and CVE-2013-5034.

Published: January 12, 2014; 1:34:55 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2013-5031

Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5032, CVE-2013-5033, and CVE-2013-5034.

Published: January 12, 2014; 1:34:55 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH