CVE-2006-3233

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

27/06/2006

Last modified:

07/11/2023

Description

Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE.

Impact

Vector 2.0

AV:N/AC:M/Au:N/C:N/I:P/A:N CVSS v2.0 Severity and Metrics:

Base Score: 4.30 MEDIUM
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Attack Vector (AV): Network
Attack Complexity (AC): Medium
Authentication (Au): None
Confidentiality (C): None
Integrity (I): Physical
Availability (A): None

Base Score 2.0

4.30

Severity 2.0

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:a:open_webmail:open_webmail::::::::		2.52 (including)
cpe:2.3:a:open_webmail:open_webmail:1.7:::::::*
cpe:2.3:a:open_webmail:open_webmail:1.8:::::::*
cpe:2.3:a:open_webmail:open_webmail:1.71:::::::*
cpe:2.3:a:open_webmail:open_webmail:1.81:::::::*
cpe:2.3:a:open_webmail:open_webmail:1.90:::::::*
cpe:2.3:a:open_webmail:open_webmail:2.5:::::::*
cpe:2.3:a:open_webmail:open_webmail:2.20:::::::*
cpe:2.3:a:open_webmail:open_webmail:2.21:::::::*
cpe:2.3:a:open_webmail:open_webmail:2.30:::::::*
cpe:2.3:a:open_webmail:open_webmail:2.31:::::::*
cpe:2.3:a:open_webmail:open_webmail:2.32:::::::*
cpe:2.3:a:open_webmail:open_webmail:2.41:::::::*
cpe:2.3:a:open_webmail:open_webmail:2.51:::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:a:open_webmail:open_webmail::::::::		2.52 (including)
cpe:2.3:a:open_webmail:open_webmail:1.7:::::::*
cpe:2.3:a:open_webmail:open_webmail:1.8:::::::*
cpe:2.3:a:open_webmail:open_webmail:1.71:::::::*
cpe:2.3:a:open_webmail:open_webmail:1.81:::::::*
cpe:2.3:a:open_webmail:open_webmail:1.90:::::::*
cpe:2.3:a:open_webmail:open_webmail:2.5:::::::*
cpe:2.3:a:open_webmail:open_webmail:2.20:::::::*
cpe:2.3:a:open_webmail:open_webmail:2.21:::::::*
cpe:2.3:a:open_webmail:open_webmail:2.30:::::::*
cpe:2.3:a:open_webmail:open_webmail:2.31:::::::*
cpe:2.3:a:open_webmail:open_webmail:2.32:::::::*
cpe:2.3:a:open_webmail:open_webmail:2.41:::::::*
cpe:2.3:a:open_webmail:open_webmail:2.51:::::::*

CVE-2006-3233

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools