XSS vulnerability in Afterlogic WebMail and Aurora Corporate

We have received a report on XSS vulnerability which can be triggered when viewing a specially crafted email message. This allows to execute arbitrary JavaScript code in the context of the webmail, in the browser.

You can read more on this in the Aurora blog.