CVE-2006-0091 Information

Description

Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier with \Inline HTML\ enabled allows remote attackers to inject arbitrary web script or HTML via e-mail attachments which are rendered inline.

Reference

http://marc.info/?l=full-disclosure&m=113629092325679&w=2 http://secunia.com/advisories/18285 http://securitytracker.com/id?1015431 http://www.vupen.com/english/advisories/2006/0034