Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0445

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2005-0445
Last Modified 10 Sep 2008 03:35:36
Published 02 May 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-0445

Summary

Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page.

Vulnerable Systems

Application

  • Open Webmail 2.00

  • Open Webmail 2.01

  • Open Webmail 2.10

  • Open Webmail 2.20

  • Open Webmail 2.21

  • Open Webmail 2.30

  • Open Webmail 2.32

  • Open Webmail 2.40

  • Open Webmail 2.41

  • Open Webmail 2.50


References

SECUNIA - 14253

XF - open-webmail-logindomain-xss(19335)

CONFIRM - http://turtle.ee.ncku.edu.tw/openwebmail/download/cert/patches/SA-05:01/2.5x.patch

CONFIRM - http://turtle.ee.ncku.edu.tw/openwebmail/doc/changes.txt

BID - 12547

SECTRACK - 1013172


Last Updated: 27 May 2016 10:39:48