I've been meaning to mention for a while now that the "domain" field (at minimum) in the qmailadmin login form is vulnerable to cross-site scripting attacks via GET.

For example, try this link:

http://mail.inter7.com/cgi-bin/qmailadmin?domain='")<script>alert('This%20script%20is%20vulnerable%20to%20XSS')</script>

While this is probably only a minor security problem, it seems like something that ought to be fixed. I unfortunately don't have the knowledge necessary to patch it (I don't speak C).

David

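Added here as an illustration of the fix the post asks for, not qmailadmin's own code: the unsafe reflection of the domain parameter into the form beside an HTML-escaped version (the function names and the sample input are assumptions).

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern: the raw "domain" query value is copied straight into
 * the form markup, so any tags or quotes in it are rendered by the browser. */
void render_domain_field_unsafe(const char *domain, char *out, size_t outlen) {
    snprintf(out, outlen, "<input type=\"text\" name=\"domain\" value=\"%s\">", domain);
}

/* Escape the five characters that break out of an HTML attribute or text
 * context. Output is truncated rather than overflowed if outlen is too small.
 * Returns the number of bytes written (excluding the terminator). */
size_t html_escape(const char *in, char *out, size_t outlen) {
    size_t n = 0;
    if (outlen == 0) return 0;
    for (; *in; in++) {
        const char *rep;
        char tmp[2] = { *in, 0 };
        switch (*in) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = tmp;      break;
        }
        size_t rl = strlen(rep);
        if (n + rl >= outlen) break;
        memcpy(out + n, rep, rl);
        n += rl;
    }
    out[n] = '\0';
    return n;
}

/* Hardened pattern: escape before interpolating into the attribute value. */
void render_domain_field_safe(const char *domain, char *out, size_t outlen) {
    char esc[1024];
    html_escape(domain, esc, sizeof esc);
    snprintf(out, outlen, "<input type=\"text\" name=\"domain\" value=\"%s\">", esc);
}

int main(void) {
    const char *sample = "example.com\"><b>x</b>";   /* constructed sample input */
    char buf[2048];
    render_domain_field_unsafe(sample, buf, sizeof buf);
    puts(buf);   /* attribute is closed early and <b> is rendered as markup */
    render_domain_field_safe(sample, buf, sizeof buf);
    puts(buf);   /* value stays inside the attribute as inert text */
    return 0;
}
```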