CVE-2015-6942

Name of the Vulnerable Software and Affected Versions Coremail version XT3.0

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a hyperlink in a document attachment. This can lead to the execution of malicious scripts on the client-side.

Recommendations For Coremail version XT3.0, update to a newer version that contains a fix for this issue, or as a temporary workaround, consider disabling the handling of hyperlinks in document attachments until a patch is available.