PT-2005-3697 · Sqwebmail+1 · Sqwebmail+1
Jakob Balle
·
Published
2005-09-07
·
Updated
2017-07-11
·
CVE-2005-2820
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
SqWebMail version 5.0.4
Description
A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as
[if] and [endif].Recommendations
For SqWebMail version 5.0.4, update to a version that fixes this issue, as the current version allows for the injection of malicious scripts through specially crafted email messages.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Internet Explorer
Sqwebmail