CVE-2005-2769

Name of the Vulnerable Software and Affected Versions SqWebMail versions 5.0.4 and possibly other versions

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters. This occurs because SqWebMail does not properly sanitize these inputs.

Recommendations For SqWebMail version 5.0.4, update to a version that properly sanitizes HTML e-mail inputs to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.