CVE-2004-0588

Name of the Vulnerable Software and Affected Versions Usermin versions prior to 1.070

Description A cross-site scripting (XSS) issue exists in the web mail module, allowing remote attackers to insert arbitrary HTML and script via e-mail messages. Multiple vulnerabilities in the usermin package can lead to breaches of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For versions prior to 1.070, update to a version later than 1.070 to resolve the issue. As a temporary workaround, consider restricting access to the web mail module until a patch is available.