Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
open webmail open webmail 2.01 |
||
open webmail open webmail 1.7 |
||
open webmail open webmail 2.50 |
||
open webmail open webmail |
||
open webmail open webmail 2.41 |
||
open webmail open webmail 2.00 |
||
open webmail open webmail 1.81 |
||
open webmail open webmail 2.30 |
||
open webmail open webmail 2.21 |
||
open webmail open webmail 1.71 |
||
open webmail open webmail 2.31 |
||
open webmail open webmail 2.10 |
||
open webmail open webmail 2.20 |
||
open webmail open webmail 2.40 |
||
open webmail open webmail 1.8 |
||
open webmail open webmail 1.90 |
||
open webmail open webmail 2.32 |
Vulmon