Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to "openwebmailerror calls that need to display HTML."
2006-06-27T01:05:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | open_webmail | open_webmail | ≤ 2.52 | Yes |
| Application | open_webmail | open_webmail | 1.7 | Yes |
| Application | open_webmail | open_webmail | 1.8 | Yes |
| Application | open_webmail | open_webmail | 1.71 | Yes |
| Application | open_webmail | open_webmail | 1.81 | Yes |
| Application | open_webmail | open_webmail | 1.90 | Yes |
| Application | open_webmail | open_webmail | 2.5 | Yes |
| Application | open_webmail | open_webmail | 2.20 | Yes |
| Application | open_webmail | open_webmail | 2.21 | Yes |
| Application | open_webmail | open_webmail | 2.30 | Yes |
| Application | open_webmail | open_webmail | 2.31 | Yes |
| Application | open_webmail | open_webmail | 2.32 | Yes |
| Application | open_webmail | open_webmail | 2.41 | Yes |
| Application | open_webmail | open_webmail | 2.51 | Yes |