The webmail portion of Infinite Mobile Delivery 2.6 from Captaris, Inc. contains a Cross Site Scripting vulnerability. In addition to the XSS, an even smaller issue exists where a user can determine the installation path of the client and where e-mails are stored.
ab16cccb8d5dac3bb83fa685da0c66ecaf107bea553a5bde32efb50a81721cbf