VULHUB ™

kmMail is a freely available, open source web-based mail software package written with PHP. It is available for the Unix, Linux, and Microsoft Operating Environments. kmMail does not sufficiently filter javascript from mails. As a result, when a user opens a mail in kmMail that contains javascript, the code contained in the mail would be executed in the browser of the mail user. Additionally, HTML included in the Subject: field is not filtered, and could be rendered in the browser.

kmMail is a freely available, open source web-based mail software package written with PHP. It is available for the Unix, Linux, and Microsoft Operating Environments. kmMail does not sufficiently filter javascript from mails. As a result, when a user opens a mail in kmMail that contains javascript, the code contained in the mail would be executed in the browser of the mail user. Additionally, HTML included in the Subject: field is not filtered, and could be rendered in the browser.