Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown

CVE-2006-3233

Disclosure Date: June 27, 2006 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE.
0
Attacker Value
Unknown

CVE-2006-3229

Disclosure Date: June 27, 2006 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to "openwebmailerror calls that need to display HTML."
0
Attacker Value
Unknown

CVE-2006-2190

Disclosure Date: May 04, 2006 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863.
0
Attacker Value
Unknown

CVE-2005-0445

Disclosure Date: May 02, 2005 (last updated February 22, 2025)
Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page.
0