CVE-2004-2548

Name of the Vulnerable Software and Affected Versions SurgeMail versions prior to 2.0c WebMail (affected versions not specified)

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via a URI containing the script or the username field in the login form.

Recommendations For SurgeMail versions prior to 2.0c, update to version 2.0c or later to resolve the issue. For WebMail, at the moment, there is no information about a newer version that contains a fix for this vulnerability.