[Original text] frameset.php in V-webmail 1.6.2 allows remote attackers to conduct phishing attacks by referencing arbitrary websites in the rframe parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third-party information.
V-webmail frameset.php rframe Variable Arbitrary Remote HTML Inclusion
Remote / Network Access
Loss of Integrity
V-webmail contains a flaw that may allow a remote attacker to execute arbitrary commands in the target's web browser. The issue is due to 'frameset.php' not properly sanitizing user input supplied to the 'rframe' variable. This may allow an attacker to include a file from a remote host that contains arbitrary scripting commands which will be executed by the browser.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
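The missing check described above, sketched as an added example: this is not V-webmail code and not a vendor patch. The page names (`inbox.php`, `compose.php`, `folders.php`), the frame name, and the function name are hypothetical, and the example assumes `rframe` is meant to name a local page that is written into a frame's `src` attribute.

```php
<?php
// Added example: all page names and identifiers here are assumptions,
// not taken from the V-webmail source.
const DEFAULT_FRAME  = 'inbox.php';
const ALLOWED_FRAMES = ['inbox.php', 'compose.php', 'folders.php'];

/**
 * Return a frame target that is guaranteed to be a local, allow-listed page.
 * Anything else (absolute URLs, protocol-relative URLs, javascript: URIs,
 * non-string input) falls back to the default page.
 */
function safe_frame_target($rframe): string
{
    if (!is_string($rframe) || $rframe === '') {
        return DEFAULT_FRAME;               // e.g. rframe[]=x arrives as an array
    }
    // Control characters, spaces and backslashes are never needed in a local
    // page reference, and browsers may normalise "\" to "/".
    if (preg_match('/[\x00-\x20\x7f\\\\]/', $rframe)) {
        return DEFAULT_FRAME;
    }
    if (strncmp($rframe, '//', 2) === 0) {  // protocol-relative URL
        return DEFAULT_FRAME;
    }
    $parts = parse_url($rframe);
    if ($parts === false) {
        return DEFAULT_FRAME;
    }
    foreach (['scheme', 'host', 'user', 'pass', 'port'] as $component) {
        if (isset($parts[$component])) {    // any authority or scheme => remote
            return DEFAULT_FRAME;
        }
    }
    // The path must match an allow-listed page exactly (no directories).
    if (!in_array($parts['path'] ?? '', ALLOWED_FRAMES, true)) {
        return DEFAULT_FRAME;
    }
    return $parts['path'] . (isset($parts['query']) ? '?' . $parts['query'] : '');
}

// Validate first, then HTML-encode for the attribute context.
$src = htmlspecialchars(safe_frame_target($_GET['rframe'] ?? null), ENT_QUOTES, 'UTF-8');
echo '<frame name="rframe" src="' . $src . '">' . "\n";
```

With this check, a request such as `frameset.php?rframe=http://attacker.example/` renders the default page instead of the remote one, while `rframe=compose.php?to=a@example.org` is passed through.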