CVE-2004-0591

Published: 06/08/2004 Updated: 11/07/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and previous versions, and possibly 3.x, allows remote malicious users to inject arbitrary web script or HRML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type.

Vulnerable Product	Search on Vulmon	Subscribe to Product
inter7 sqwebmail 4.0.4

A cross-site scripting vulnerability was discovered in sqwebmail, a web mail application provided by the courier mail suite, whereby an attacker could cause web script to be executed within the security context of the sqwebmail application by injecting it via an email message For the current stable distribution (woody), this problem has been fixed ...

source: wwwsecurityfocuscom/bid/10588/info SqWebMail is reported to be prone to an email header HTML injection vulnerability This issue presents itself due to a failure of the application to properly sanitize user-supplied email header strings The problem presents itself when an unsuspecting user views an email message containing malic ...

NVD-CWE-Other http://www.securityfocus.com/bid/10588 http://www.debian.org/security/2004/dsa-533 http://secunia.com/advisories/11918/http://www.gentoo.org/security/en/glsa/glsa-200408-02.xml http://marc.info/?l=bugtraq&m=108786212220140&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/16467 https://nvd.nist.gov https://www.debian.org/security/./dsa-533 https://www.exploit-db.com/exploits/24227/

CVE-2004-0591

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect