QwikSec

Security Database

CVE

CWE

Training

CVE-2006-3229

Published: Jun 27, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to "openwebmailerror calls that need to display HTML."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

openwebmail-read-xss(27309)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

http://openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/openwebmail-main.pl?rev1=235%3Brev2=236

x_refsource_CONFIRM

http://openwebmail.org/openwebmail/doc/changes.txt

x_refsource_CONFIRM

20060626 Openwebmail: 2 XSS vulns not one, and some version hints

mailing-list

x_refsource_VIM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.