CVE-2007-5290

Name of the Vulnerable Software and Affected Versions: MailBee WebMail Pro versions 3.4 and earlier MailBee WebMail Pro ASP versions prior to 3.4.64 WebMail Lite ASP versions prior to 4.0.11 WebMail Lite PHP versions prior to 4.0.22

Description: The issue allows remote attackers to inject arbitrary web script or HTML via the mode parameter to "login.php" and the mode2 parameter to "default.asp" in an advanced login mode. This can lead to cross-site scripting (XSS) attacks.

Recommendations: For MailBee WebMail Pro versions 3.4 and earlier, update to a version later than 3.4. For MailBee WebMail Pro ASP versions prior to 3.4.64, update to version 3.4.64 or later. For WebMail Lite ASP versions prior to 4.0.11, update to version 4.0.11 or later. For WebMail Lite PHP versions prior to 4.0.22, update to version 4.0.22 or later. As a temporary workaround, consider restricting access to the "login.php" and "default.asp" files to minimize the risk of exploitation. Avoid using the mode and mode2 parameters in the affected API endpoints until the issue is resolved.