Known Vulnerabilities for products from Atmail

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Atmail".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2022-31200 json Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad=1&HelpFile=file.html Sea... 6.1 - MEDIUM 2023-07-27 2023-11-07
CVE-2022-30776 json atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter. 6.1 - MEDIUM 2022-05-16 2023-11-07
CVE-2021-43574 json ** UNSUPPORTED WHEN ASSIGNED ** WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format... 6.1 - MEDIUM 2021-11-15 2023-11-07
CVE-2017-11617 json Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web s... Not Provided 2017-07-25 2025-04-20
CVE-2017-9519 json atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user account. 8.8 - HIGH 2017-06-08 2017-06-13
CVE-2017-9518 json atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails. 8.8 - HIGH 2017-06-08 2017-06-13
CVE-2017-9517 json atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV. 8.8 - HIGH 2017-06-08 2017-06-13
CVE-2013-6229 json Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary... Not Provided 2014-02-12 2026-04-29
CVE-2013-6028 json Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail Webmail Server before 7.2 allow remote attackers to hija... Not Provided 2014-01-12 2026-04-29
CVE-2013-6017 json Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web ... Not Provided 2014-01-12 2026-04-29
CVE-2013-5034 json Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vu... Not Provided 2014-01-12 2026-04-29
CVE-2013-5033 json Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vu... Not Provided 2014-01-12 2026-04-29
CVE-2013-5032 json Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vu... Not Provided 2014-01-12 2026-04-29
CVE-2013-5031 json Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vu... Not Provided 2014-01-12 2026-04-29
CVE-2013-2585 json Cross-site scripting (XSS) vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote att... Not Provided 2014-02-12 2026-04-29
CVE-2012-2593 json Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers... 6.1 - MEDIUM 2020-02-06 2020-02-10
CVE-2012-1920 json @Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows remote attackers to obtain configuration information via a... Not Provided 2012-03-27 2026-04-29
CVE-2012-1919 json CRLF injection vulnerability in mime.php in @Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to... Not Provided 2012-03-27 2026-04-29
CVE-2012-1918 json Multiple directory traversal vulnerabilities in (1) compose.php and (2) libs/Atmail/SendMsg.php in @Mail WebMail Client in At... Not Provided 2012-03-27 2026-04-29
CVE-2012-1917 json compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 does not properly handle ../ (dot dot slash) sequences ... Not Provided 2012-03-27 2026-04-29
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Atmail

Type Vendor Product Version
ApplicationAtmailAtmail6.20.10
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report