Lucene search

[email protected]CVE-2006-2190

HistoryMay 04, 2006 - 12:38 p.m.

CVE-2006-2190

2006-05-0412:38:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

2006-2190

cross-site scripting

xss

vulnerability

ow-shared.pl

openwebmail

owm

remote attackers

web script

html

sessionid parameter

openwebmail-send.pl

openwebmail-advsearch.pl

openwebmail-folder.pl

openwebmail-prefs.pl

openwebmail-abook.pl

openwebmail-read.pl

openwebmail-cal.pl

openwebmail-webdisk.pl

nvd

5.9 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.053 Low

EPSS

Percentile

93.0%

JSON

Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863.

CPENameOperatorVersion
open_webmail:open_webmailopen webmaileq2.01
open_webmail:open_webmailopen webmaileq1.7
open_webmail:open_webmailopen webmaileq2.50
open_webmail:open_webmailopen webmaille2.51
open_webmail:open_webmailopen webmaileq2.41
open_webmail:open_webmailopen webmaileq2.00
open_webmail:open_webmailopen webmaileq1.81
open_webmail:open_webmailopen webmaileq2.30
open_webmail:open_webmailopen webmaileq2.21
open_webmail:open_webmailopen webmaileq1.71

CPE	Name	Operator	Version
open_webmail:open_webmail	open webmail	eq	2.01
open_webmail:open_webmail	open webmail	eq	1.7
open_webmail:open_webmail	open webmail	eq	2.50
open_webmail:open_webmail	open webmail	le	2.51
open_webmail:open_webmail	open webmail	eq	2.41
open_webmail:open_webmail	open webmail	eq	2.00
open_webmail:open_webmail	open webmail	eq	1.81
open_webmail:open_webmail	open webmail	eq	2.30
open_webmail:open_webmail	open webmail	eq	2.21
open_webmail:open_webmail	open webmail	eq	1.71

Rows per page:

1-10 of 171

References

openwebmail.acatysmoof.com/archive/html/owm-announce/owm-announce.200605/msg00000.html

openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/diff/trunk/src/cgi-bin/openwebmail/shares/ow-shared.pl?rev1=232%3Brev2=233

openwebmail.acatysmoof.com/dev/svn/index.pl/openwebmail/log/trunk/?rev=233&limit=33

pridels0.blogspot.com/2006/04/open-webmail-251-xss-vuln.html

secunia.com/advisories/16734

exchange.xforce.ibmcloud.com/vulnerabilities/26105

5.9 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.053 Low

EPSS

Percentile

93.0%

JSON

Related for CVE-2006-2190

prion2 cve2 nessus1