4.3
CVE-2006-3233
- EPSS 1.32%
- Veröffentlicht 27.06.2006 10:05:00
- Zuletzt bearbeitet 16.06.2026 22:26:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Open Webmail ≫ Open Webmail Version <= 2.52
Open Webmail ≫ Open Webmail Version1.7
Open Webmail ≫ Open Webmail Version1.8
Open Webmail ≫ Open Webmail Version1.71
Open Webmail ≫ Open Webmail Version1.81
Open Webmail ≫ Open Webmail Version1.90
Open Webmail ≫ Open Webmail Version2.5
Open Webmail ≫ Open Webmail Version2.20
Open Webmail ≫ Open Webmail Version2.21
Open Webmail ≫ Open Webmail Version2.30
Open Webmail ≫ Open Webmail Version2.31
Open Webmail ≫ Open Webmail Version2.32
Open Webmail ≫ Open Webmail Version2.41
Open Webmail ≫ Open Webmail Version2.51
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.32% | 0.67 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://openwebmail.org/openwebmail/doc/changes.txt
http://secunia.com/advisories/20714
http://www.attrition.org/pipermail/vim/2006-June/000902.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/27309
http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-read.pl?rev1=236%3Brev2=237
http://www.securityfocus.com/bid/18598
http://www.vupen.com/english/advisories/2006/2485