Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2006-3233
Last Modified 07 Mar 2011 09:38:08
Published 27 Jun 2006 06:05:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-3233

Summary

Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE.

Vulnerable Systems

Application

  • Open Webmail 1.7

  • Open Webmail 1.71

  • Open Webmail 1.8

  • Open Webmail 1.81

  • Open Webmail 1.90

  • Open Webmail 2.20

  • Open Webmail 2.21

  • Open Webmail 2.30

  • Open Webmail 2.31

  • Open Webmail 2.32

  • Open Webmail 2.41

  • Open Webmail 2.5

  • Open Webmail 2.51

  • Open Webmail 2.52


References

XF - openwebmail-read-xss(27309)

VUPEN - ADV-2006-2485

BID - 18598

VIM - 20060626 Openwebmail: 2 XSS vulns not one, and some version hints

SECUNIA - 20714

CONFIRM - http://openwebmail.org/openwebmail/doc/changes.txt

CONFIRM - http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-read.pl?rev1=236;rev2=237


Last Updated: 27 May 2016 10:42:56