CVE-2009-4352 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in TransWARE Active! mail 2003 build 2003.0139.0871 and earlier and possibly other versions before 2003.0139.0939 allow remote attackers to inject arbitrary web script or HTML via the (1) From (2) To (3) Cc and (4) Bcc parameters.

Reference

http://jvn.jp/en/jp/JVN49083120/index.html http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000075.html http://secunia.com/advisories/37602 http://www.transware.co.jp/support_am/security/vulnerability2.html https://exchange.xforce.ibmcloud.com/vulnerabilities/54750