CVE-2006-0842

Name of the Vulnerable Software and Affected Versions Calacode @Mail version 4.3

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message. This can be achieved by using a string such as "java script:.".

Recommendations For Calacode @Mail version 4.3, consider disabling the execution of javascript: strings in e-mail messages as a temporary workaround until a patch is available. Restrict access to potentially malicious e-mail messages to minimize the risk of exploitation.