Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for Windows allow remote attackers to inject arbitrary web script or HTML via (1) the Displayed Name attribute in util.pl and (2) the Folder attribute in showmail.pl.Referenceshttp://members.lycos.co.uk/r34ct/main/%40mail_3.64/%40mail_3.64.txthttp://www.osvdb.org/4067http://secunia.com/advisories/10978https://exchange.xforce.ibmcloud.com/vulnerabilities/15324http://www.securitytracker.com/alerts/2004/Feb/1009208.htmlhttp://www.osvdb.org/4066http://www.securityfocus.com/bid/9748
