Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2006-3229
Last Modified 05 Sep 2008 05:06:34
Published 26 Jun 2006 09:05:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-3229

Summary

Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to "openwebmailerror calls that need to display HTML."

Vulnerable Systems

Application

  • Open Webmail 1.7

  • Open Webmail 1.71

  • Open Webmail 1.8

  • Open Webmail 1.81

  • Open Webmail 1.90

  • Open Webmail 2.20

  • Open Webmail 2.21

  • Open Webmail 2.30

  • Open Webmail 2.31

  • Open Webmail 2.32

  • Open Webmail 2.41

  • Open Webmail 2.5

  • Open Webmail 2.51

  • Open Webmail 2.52


References

VIM - 20060626 Openwebmail: 2 XSS vulns not one, and some version hints

XF - openwebmail-read-xss(27309)

SECUNIA - 20714

CONFIRM - http://openwebmail.org/openwebmail/doc/changes.txt

CONFIRM - http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235;rev2=236


Last Updated: 27 May 2016 10:42:56