[Original text] Directory traversal vulnerability in the mail program in 602LAN SUITE 2004.0.05.0413 allows remote attackers to cause a denial of service and determine the presence of arbitrary files via .. sequences in the A parameter.
602Lan Suite 2004 contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'A' variable upon submission to the mail script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Upgrade to build 2004.0.05.0623 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.