CVE-2009-4743

Name of the Vulnerable Software and Affected Versions AfterLogic WebMail Pro versions 4.7.10 and earlier

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the HistoryStorageObjectName and HistoryKey parameters in the "history-storage.aspx" page.

Recommendations For AfterLogic WebMail Pro versions 4.7.10 and earlier, as a temporary workaround, consider restricting access to the "history-storage.aspx" page until a patch is available. Avoid using the HistoryStorageObjectName and HistoryKey parameters in this page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.