CVE-2004-2334

Name of the Vulnerable Software and Affected Versions: EMU Webmail version 5.2.7

Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through several means, including providing a hex-encoded value to the variable parameter in "emumail.fcgi", modifying the folder parameter in "emumail.fcgi", or inserting Javascript in the username or password fields on the login page.

Recommendations: For EMU Webmail version 5.2.7, consider disabling the login page or restricting access to "emumail.fcgi" until a patch is available. As a temporary workaround, avoid using the variable and folder parameters in "emumail.fcgi" and restrict the use of Javascript in the username and password fields on the login page.