CVE-2012-2587

Name of the Vulnerable Software and Affected Versions AfterLogic MailSuite Pro version 6.3

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via an e-mail message body. Specifically, this can be achieved with a crafted SRC attribute of either an IFRAME element or a SCRIPT element.

Recommendations For AfterLogic MailSuite Pro version 6.3, consider disabling the ability to include IFRAME and SCRIPT elements in e-mail message bodies as a temporary workaround until a patch is available. Restrict access to potentially vulnerable e-mail messages to minimize the risk of exploitation.