PT-2005-3607 · Sqwebmail · Sqwebmail

Jakob Balle

Publicado

2005-08-29

Atualizado

2017-07-11

CVE-2005-2724

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions SqWebMail version 5.0.4

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a file attachment processed by the Display feature. The severity of this issue has been disputed by the developer.

Recommendations For SqWebMail version 5.0.4, consider disabling the Display feature for file attachments until a patch is available to prevent exploitation of the XSS issue.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2005-2724

DSA-793-1

Produtos afetados

Sqwebmail

PT-2005-3607 · Sqwebmail · Sqwebmail

CVE-2005-2724

Identificadores relacionados

Produtos afetados

Referências · 13