Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to "openwebmailerror calls that need to display HTML."

| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |

| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |

| CWE ID | Type | Source |
|---|---|---|
| NVD-CWE-Other | Primary | nvd@nist.gov |

| Hyperlink | Source | Resource |
|---|---|---|
| http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235%3Brev2=236 | cve@mitre.org | N/A |
| http://openwebmail.org/openwebmail/doc/changes.txt | cve@mitre.org | N/A |
| http://secunia.com/advisories/20714 | cve@mitre.org | N/A |
| http://www.attrition.org/pipermail/vim/2006-June/000902.html | cve@mitre.org | Patch |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27309 | cve@mitre.org | N/A |
| http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235%3Brev2=236 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://openwebmail.org/openwebmail/doc/changes.txt | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://secunia.com/advisories/20714 | af854a3a-2127-422b-91ae-364da2661108 | N/A |
| http://www.attrition.org/pipermail/vim/2006-June/000902.html | af854a3a-2127-422b-91ae-364da2661108 | Patch |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/27309 | af854a3a-2127-422b-91ae-364da2661108 | N/A |