CVE-2006-3233
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/06/2006
Last modified:
07/11/2023
Description
Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:open_webmail:open_webmail:*:*:*:*:*:*:*:* | 2.52 (including) | |
cpe:2.3:a:open_webmail:open_webmail:1.7:*:*:*:*:*:*:* | ||
cpe:2.3:a:open_webmail:open_webmail:1.8:*:*:*:*:*:*:* | ||
cpe:2.3:a:open_webmail:open_webmail:1.71:*:*:*:*:*:*:* | ||
cpe:2.3:a:open_webmail:open_webmail:1.81:*:*:*:*:*:*:* | ||
cpe:2.3:a:open_webmail:open_webmail:1.90:*:*:*:*:*:*:* | ||
cpe:2.3:a:open_webmail:open_webmail:2.5:*:*:*:*:*:*:* | ||
cpe:2.3:a:open_webmail:open_webmail:2.20:*:*:*:*:*:*:* | ||
cpe:2.3:a:open_webmail:open_webmail:2.21:*:*:*:*:*:*:* | ||
cpe:2.3:a:open_webmail:open_webmail:2.30:*:*:*:*:*:*:* | ||
cpe:2.3:a:open_webmail:open_webmail:2.31:*:*:*:*:*:*:* | ||
cpe:2.3:a:open_webmail:open_webmail:2.32:*:*:*:*:*:*:* | ||
cpe:2.3:a:open_webmail:open_webmail:2.41:*:*:*:*:*:*:* | ||
cpe:2.3:a:open_webmail:open_webmail:2.51:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-read.pl?rev1=236%3Brev2%3D237
- http://openwebmail.org/openwebmail/doc/changes.txt
- http://secunia.com/advisories/20714
- http://www.attrition.org/pipermail/vim/2006-June/000902.html
- http://www.securityfocus.com/bid/18598
- http://www.vupen.com/english/advisories/2006/2485
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27309