Coremail · Coremail · CVE-2015-6942
**Name of the Vulnerable Software and Affected Versions**
Coremail version XT3.0
**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a hyperlink in a document attachment. This can lead to the execution of malicious scripts on the client-side.
**Recommendations**
For Coremail version XT3.0, update to a newer version that contains a fix for this issue, or as a temporary workaround, consider disabling the handling of hyperlinks in document attachments until a patch is available.