Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element.Referenceshttp://osvdb.org/101937http://www.securityfocus.com/bid/64779http://www.kb.cert.org/vuls/id/204950http://atmail.com/changelog/
