PT-2005-3607 · Sqwebmail · Sqwebmail
Jakob Balle
·
Published
2005-08-29
·
Updated
2017-07-11
·
CVE-2005-2724
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
SqWebMail version 5.0.4
Description
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a file attachment processed by the Display feature. The severity of this issue has been disputed by the developer.
Recommendations
For SqWebMail version 5.0.4, consider disabling the Display feature for file attachments until a patch is available to prevent exploitation of the XSS issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sqwebmail