6 matches found
CVE-2005-2769
CVE-2005-2769 is a cross-site scripting (XSS) flaw in SqWebMail 5.0.4 and possibly other versions. The vulnerability arises when processing HTML emails that contain tags with characters like “>” that are not properly sanitized, allowing remote attackers to inject arbitrary web script or HTML. ...
CVE-2004-0591
CVE-2004-0591 describes a cross-site scripting (XSS) vulnerability in SqWebMail’s print_header_uc function affecting SqWebMail 4.0.4 and earlier (possibly 3.x). An attacker can inject arbitrary script via (1) email headers or (2) a message with a “message/delivery-status” MIME type, executing in ...
CVE-2005-1308
CVE-2005-1308 affects SqWebMail. The vulnerability arises from CRLF sequence handling in the redirect parameter, enabling remote injection of arbitrary HTML/script and likely XSS. Impact described across sources includes attacker-controlled script execution in users’ browsers and potential sessio...
CVE-2005-2724
CVE-2005-2724 is a cross-site scripting (XSS) vulnerability in SqWebmail: the vulnerability arises from missing input sanitising in the handling of file attachments, allowing an attacker to inject arbitrary script/HTML via the Display feature. The initial description notes SqWebMail 5.0.4 as affe...
CVE-2005-2820
CVE-2005-2820 is an XSS vulnerability in SqWebMail courier (Conditional Comments in Internet Explorer). The root cause is missing input sanitising in the courier/sqwebmail handling of HTML in emails, allowing remote attackers to inject script via crafted messages. Affected: SqWebMail courier depl...
CVE-2004-2313
Inter7 SqWebMail 3.4.1–3.6.1 exposes a password-guessing vulnerability: authentication responses differ for incorrect vs. correct passwords on non-mail-enabled accounts (e.g., root), enabling remote attackers to brute-force the root password. The issue is tied to the login error handling and disc...