VYPR
Unrated severityNVD Advisory· Published Feb 12, 2014· Updated Jun 16, 2026

CVE-2013-2585

CVE-2013-2585

Description

Cross-site scripting (XSS) vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId//filenameOriginal/.

Affected products

6
  • Atmail/Atmail5 versions
    cpe:2.3:a:atmail:atmail:6.6.0:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:atmail:atmail:6.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:atmail:atmail:6.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:atmail:atmail:6.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:atmail:atmail:7.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:atmail:atmail:7.0.1:*:*:*:*:*:*:*
  • Range: >=6.6.0, <=6.6.2 || >=7.0.0, <=7.0.2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.