Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.

Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before 4.61 allows remote attackers to inject arbitrary web script or HTML via crafted e-mail messages. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.