May 25, 2017
February 23, 2017
A stored XSS vulnerability was identified in the webmail component of atmail 7. By sending a specially crafted email to a victim, an attacker can include an XSS payload to steal user contacts, send arbitrary emails, expose inbox contents, and more.
This vulnerability was remediated in atmail 220.127.116.11, released on May 25, 2017. CVE-2017-11617 was issued to the vulnerability.
2017-02-24 – Vulnerability reported
2017-02-27 – Report acknowledged
2017-05-25 – Patch released
Full details regarding this vulnerability can be found in the accompanying blog post.
Zach Julian of Bishop Fox
Subscribe to Bishop Fox's Security Blog
Be first to learn about latest tools, advisories, and findings.
Thank You! You have been subscribed.