@Mail · @Mail Webmail · CVE-2006-6701
Name of the Vulnerable Software and Affected Versions:
@Mail WebMail versions 4.51
@Mail WebMail versions 5.x before 5.03
Description:
A cross-site request forgery issue allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user. This can be achieved by using a settings action in the SRC attribute of an IMG element in an HTML e-mail.
Recommendations:
For @Mail WebMail version 4.51, update to a version that contains a fix for this issue.
For @Mail WebMail versions 5.x before 5.03, update to version 5.03 or later.