CVE-2004-0591

Name of the Vulnerable Software and Affected Versions SqWebMail versions 3.x and earlier, SqWebMail version 4.0.4 and earlier

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via e-mail headers or a message with a "message/delivery-status" MIME Content-Type. This is specifically related to the print header uc function.

Recommendations For SqWebMail versions 3.x and earlier, and version 4.0.4 and earlier, consider disabling the print header uc function as a temporary workaround until a patch is available. Restrict access to e-mail headers and messages with a "message/delivery-status" MIME Content-Type to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.