The ArGoSoft Mail Server Pro web mail system does not sufficiently sanitize HTML from e-mail messages. It is possible for a remote attacker to inject arbitrary HTML and script code into e-mail messages, which will be rendered in the user's web client when the malicious message is viewed. A remote attacker could potentially exploit this condition to steal cookie-based authentication credentials from a legitimate user of the web mail system. Additionally, it has been reported that user credentials are stored in plaintext in cookies.
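The two mitigations this description points to, sketched as an added example that is not ArGoSoft's code or part of the original advisory: an allowlist filter applied to an HTML message body before the web mail page renders it, and a session cookie that carries an opaque random token rather than credentials. All names (`sanitize_mail_html`, `session_cookie_header`, the `sid` cookie), the tag allowlist and the sample message are assumptions chosen for illustration.

```python
import html
import secrets
from html.parser import HTMLParser
from http.cookies import SimpleCookie
ALLOWED_TAGS = {"p", "br", "b", "i", "u", "em", "strong", "ul", "ol", "li", "blockquote", "a"}
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed"}
SAFE_SCHEMES = ("http://", "https://", "mailto:")
# Constructed sample message body, used only to exercise the filter.
SAMPLE = ('<p onclick="x()">Hi <b>there</b></p><script>/* constructed */</script>'
          '<img src="x" onerror="y()"><a href="https://example.com/">link</a>')

class MailSanitizer(HTMLParser):
    """Allowlist filter: only known-safe tags survive, all text is re-escaped."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip += 1  # drop the element and everything inside it
        elif not self.skip and tag in ALLOWED_TAGS:
            kept = ""
            for name, value in attrs:
                # Only href on <a> with an allowlisted scheme is kept; on* handlers never pass.
                if tag == "a" and name == "href" and (value or "").strip().lower().startswith(SAFE_SCHEMES):
                    kept = ' href="%s" rel="noopener noreferrer"' % html.escape(value.strip(), quote=True)
            self.out.append("<%s%s>" % (tag, kept))

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip:
            self.out.append(html.escape(data))

def sanitize_mail_html(body):
    parser = MailSanitizer()
    parser.feed(body)
    parser.close()  # flush any buffered trailing text
    return "".join(parser.out)

def session_cookie_header():
    """Opaque random token instead of credentials; HttpOnly hides it from page script."""
    cookie = SimpleCookie()
    cookie["sid"] = secrets.token_urlsafe(32)  # server maps this token to the session
    for key, value in (("httponly", True), ("secure", True), ("samesite", "Strict"), ("path", "/")):
        cookie["sid"][key] = value
    return cookie["sid"].OutputString()
```

An unclosed dropped element causes the rest of the message to be discarded, so the filter fails closed.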