PSCS VPOP3 Email Server Cross-Site Scripting Vulnerabilities

I’ve discovered new XSS vulnerabilities in PSCS VPOP3 Enterprise Email server, exactly on Web Mail interface. Vulnerability version is 2.6.0j. Vendor is informed but isn’t published fix for this vulnerabilities yet, so for solution use a proxy or IPS to filter malicious characters.

Secunia confirmed and published this vulnerability.