WHID 2006-28: Tlen.PL e-mail XSS vulnerability

Tlen.PL is a popular Polish IM system provided by o2.pl, which includes e-mail accounts. The e-mail client is web based with a browser embedded in the communicator software. Certain webmail servers do not validate e-mail subject for HTML tags, allowing attacker to inject script code.

Additional information:

• Tlen.PL e-mail XSS vulnerability [Tomasz Koperski, ]