Atmail : Security Vulnerabilities, CVEs, Published In 2017

CVE-2017-11617

Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes.
Max CVSS
6.1
EPSS Score
0.12%
Published
2017-07-25
Updated
2017-07-28

CVE-2017-9519

atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account.
Max CVSS
8.8
EPSS Score
0.07%
Published
2017-06-08
Updated
2017-06-13

CVE-2017-9518

atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails.
Max CVSS
8.8
EPSS Score
0.07%
Published
2017-06-08
Updated
2017-06-13

CVE-2017-9517

atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV.
Max CVSS
8.8
EPSS Score
0.07%
Published
2017-06-08
Updated
2017-06-13
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close