I found vulnerability in VPOP3 Email server which allows script insertion.
Vulnerability is discovered in the version 2.6.0h. Although the vendor release the patch (implemented some filters), vulnerability still exists in the new version 2.6.0i. Patch don’t completely fix the vulnerability.
Secunia confirmed vulnerability.