https://www.exploit-db.com/exploits/23810
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-791

EMUWebmail5.2.7版本存在多个跨站脚本攻击（XSS）漏洞。远程攻击者可以借助（1）emumail.fcgi中的一个到variable参数的十六进制编码数值，（2）emumail.fcgi中的folder参数，或者登录页面中（3）username字段的或（4）password字段的Javascript注入任意web脚本。

source: http://www.securityfocus.com/bid/9861/info
 
Multiple vulnerabilities have been identified in the application that may allow an attacker to carry out cross-site scripting attacks and disclose the path to the victim's home directory. The issues are reported to exist in the login script, 'emumail.fcgi' script and the 'init.emu' sample script.
 
EMU Webmail 5.2.7 has been reported to be affected by these issues.

http://www.example.com/webmail/emumail.fcgi?passed=parse&variable=%3Cscript%3Ealert( %22G%22)%3C/script%3E
http://www.example.com/webmail/emumail.fcgi?passed=go_index&folder=<script>alert("G")</script>

来源:XF
名称:emu-webmail-login-xss(15452)
链接:http://xforce.iss.net/xforce/xfdb/15452
来源:XF
名称:emu-webmail-emumail-xss(15451)
链接:http://xforce.iss.net/xforce/xfdb/15451
来源:www.zone-h.com
链接:http://www.zone-h.com/advisories/read/id=4141
来源:BID
名称:9861
链接:http://www.securityfocus.com/bid/9861
来源:OSVDB
名称:4972
链接:http://www.osvdb.org/4972
来源:OSVDB
名称:4204
链接:http://www.osvdb.org/4204
来源:SECTRACK
名称:1009397
链接:http://securitytracker.com/id?1009397
来源:SECUNIA
名称:11110
链接:http://secunia.com/advisories/11110
来源:members.lycos.co.uk
链接:http://members.lycos.co.uk/r34ct/main/emu/emu.txt