Lucene search

K
Inter7Sqwebmail

6 matches found

CVE
CVE
added 2004/08/06 4:0 a.m.52 views

CVE-2004-0591

Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type.

6.8CVSS5.7AI score0.13907EPSS
CVE
CVE
added 2005/04/27 4:0 a.m.48 views

CVE-2005-1308

SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML.

7.5CVSS6.5AI score0.03149EPSS
CVE
CVE
added 2005/09/02 11:3 p.m.47 views

CVE-2005-2769

Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by SqWebMail.

4.3CVSS5.7AI score0.10952EPSS
CVE
CVE
added 2005/08/30 11:45 a.m.41 views

CVE-2005-2724

Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer.

4.3CVSS5.4AI score0.00804EPSS
CVE
CVE
added 2005/09/07 7:7 p.m.41 views

CVE-2005-2820

Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]".

4.3CVSS5.4AI score0.00648EPSS
CVE
CVE
added 2005/08/16 4:0 a.m.36 views

CVE-2004-2313

Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.

5CVSS7AI score0.00346EPSS