CVE-2005-3692

Name of the Vulnerable Software and Affected Versions AMAX Magic Winmail Server version 4.2 (build 0824) and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the retid parameter in "badlogin.php", Content-Type headers in HTML mails, and HTML mail attachments.

Recommendations For AMAX Magic Winmail Server version 4.2 (build 0824) and earlier, avoid using the retid parameter in "badlogin.php" and restrict access to HTML mail attachments until a fix is available. Consider disabling HTML mail processing to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.