Medium severity6.1NVD Advisory· Published Jul 25, 2017· Updated May 13, 2026

CVE-2017-11617

Description

Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes.

Affected products

Atmail/Atmail
cpe:2.3:a:atmail:atmail:*:*:*:*:*:*:*:*
Range: <=7.8.0.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.bishopfox.com/blog/2017/06/how-i-built-an-xss-worm-on-atmail/nvdExploitTechnical DescriptionThird Party Advisory
help.atmail.com/hc/en-us/articles/115007169147-Minor-Update-7-8-0-2-ActiveSync-2-3-6nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000