Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2006-2190
Last Modified: 03 Nov 2008 01:19:30
Published: 04 May 2006 08:38:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2006-2190

Summary

Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863.

Vulnerable Systems

Application

  • Open Webmail 1.7

  • Open Webmail 1.71

  • Open Webmail 1.8

  • Open Webmail 1.81

  • Open Webmail 1.90

  • Open Webmail 2.00

  • Open Webmail 2.01

  • Open Webmail 2.10

  • Open Webmail 2.20

  • Open Webmail 2.21

  • Open Webmail 2.30

  • Open Webmail 2.31

  • Open Webmail 2.32

  • Open Webmail 2.40

  • Open Webmail 2.41

  • Open Webmail 2.50

  • Open Webmail 2.51


References

MLIST - [owm-announce] 20060502 OpenWebMail version 2.52

XF - openwebmail-multiple-scripts-xss(26105)

SECUNIA - 16734

CONFIRM - http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/log/trunk/?rev=233&limit=33

CONFIRM - http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/shares/ow-shared.pl?rev1=232;rev2=233

MISC - http://pridels0.blogspot.com/2006/04/open-webmail-251-xss-vuln.html


Last Updated: 27 May 2016 10:42:22