Tempinbox.com

Homepage: http://www.tempinbox.com

Affected files: checkmail.pl

Description: Tempinbox.com is a free, throwaway email service with no sending. You enter an account name and can instantly check its email.

XSS Vulnerability: It seems the titles and subjects of emails are not sanitized, so if a user were to put <IMG SRC=javascript:alert('XSS')> as the title or subject of an email, and someone then went to view it, an XSS attack could occur.
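
The mitigation for this class of bug is to HTML-encode header text at the point where it is written into the page, after any mail-header decoding. The following is an added example, not code from checkmail.pl (whose source is not shown in this advisory); it is written in Python, and the sample messages, function names and table markup are assumptions made for illustration.

```python
import html
from email import message_from_string
from email.header import decode_header, make_header

# Constructed sample messages (not real traffic). The first carries the
# subject quoted in the advisory; the second is a benign non-ASCII subject
# sent as an RFC 2047 encoded word, to show legitimate text still displays.
RAW_MESSAGES = [
    "From: a@example.test\nSubject: <IMG SRC=javascript:alert('XSS')>\n\nbody\n",
    "From: b@example.test\nSubject: =?utf-8?b?Q2Fmw6kgbWVudQ==?=\n\nbody\n",
]


def subject_of(raw):
    """Return the Subject header as display text (encoded words decoded)."""
    msg = message_from_string(raw)
    return str(make_header(decode_header(msg.get("Subject", ""))))


def render_row_unsafe(subject):
    # The flaw the advisory describes: attacker-controlled header text is
    # concatenated into the page and parsed by the browser as markup.
    return "<tr><td>" + subject + "</td></tr>"


def render_row_safe(subject):
    # Encode on output: <, >, &, " and ' become entities, so the subject is
    # shown as text. Escaping happens after header decoding, not before.
    return "<tr><td>" + html.escape(subject, quote=True) + "</td></tr>"


def render_inbox(raw_messages, render_row):
    """Build the inbox listing with the given row renderer."""
    rows = [render_row(subject_of(raw)) for raw in raw_messages]
    return "<table>\n" + "\n".join(rows) + "\n</table>"


if __name__ == "__main__":
    print("Unsanitized listing (markup from the subject reaches the page):")
    print(render_inbox(RAW_MESSAGES, render_row_unsafe))
    print()
    print("Encoded listing (subject rendered as inert text):")
    print(render_inbox(RAW_MESSAGES, render_row_safe))
```
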