Tlen.PL e-mail XSS vulnerability.

As written in: 

::File: 060416_XSS_tlen_pl
::Date: 16 Feb 2006
::Author: Tomasz Koperski  

The Tlen.PL e-mail system is affected by a cross-site scripting vulnerability: it does not validate HTML tags in the e-mail message subject.

Tlen.PL is a popular Polish IM system provided by, which includes e-mail accounts and an e-mail client built into the
communicator software (under Windows it is actually an instance of Internet Explorer displaying the webmail system).
Depending on the server 'assigned' to the account (probably varying by the date of registration), the webmail client does
not validate the e-mail subject for HTML tags, allowing an attacker to inject script code.
The vulnerable server is accessed by default by the IM client (for older accounts).
The vulnerable server does not provide webmail services through regular web browser access
(using for ex.:,, yet it is still accessible under
and used inside the IM client.
On the account tested (login: koper, served by,, registered over 5 years ago), the length of the
subject displayed is 28 characters, which is the length an attacker can use to inject HTML.
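To make the flaw concrete from the defender's side, the following is an added example (written for this page, not code from the advisory or from Tlen.PL) contrasting a subject-rendering routine with the described defect against a hardened one, using a constructed subject and the 28-character display width noted above; the function names and the `<td>` cell template are assumptions.

```python
import html
import re

# Display width the advisory observed for the webmail subject column
# (28 characters on the tested account).
SUBJECT_DISPLAY_LEN = 28

# Constructed sample: a subject carrying HTML markup. The tag is harmless
# on purpose; the point is that it must reach the browser as text, not markup.
SAMPLE_SUBJECT = "<b>Meeting</b> moved to 10:00 tomorrow"


def render_subject_vulnerable(subject: str) -> str:
    """Mirrors the flaw described in the advisory: the subject is truncated
    to the display width and pasted into the page without encoding."""
    return f"<td>{subject[:SUBJECT_DISPLAY_LEN]}</td>"


def render_subject_fixed(subject: str) -> str:
    """Hardened rendering: truncate first, then HTML-encode for the HTML
    text context. Truncating after encoding could cut an entity such as
    '&lt;' in half, so the order matters."""
    shown = subject[:SUBJECT_DISPLAY_LEN]
    return f"<td>{html.escape(shown, quote=True)}</td>"


_TAG = re.compile(r"<[^>]+>")


def injected_tags(cell_html: str) -> list:
    """Regression check: return any tags inside the cell that did not come
    from the template itself (i.e. anything other than the <td> wrapper)."""
    inner = cell_html[len("<td>"):-len("</td>")]
    return _TAG.findall(inner)


if __name__ == "__main__":
    print("vulnerable:", render_subject_vulnerable(SAMPLE_SUBJECT),
          injected_tags(render_subject_vulnerable(SAMPLE_SUBJECT)))
    print("fixed:     ", render_subject_fixed(SAMPLE_SUBJECT),
          injected_tags(render_subject_fixed(SAMPLE_SUBJECT)))
```

The same check can be pointed at real rendered webmail pages to confirm that subject text never contributes tags of its own.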

An attacker could include some of this code inside the subject field of e-mail sent to the target account: