CVE-2006-3229

Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, and other versions released before 05/12/2006, allows remote attackers to inject arbitrary web script or HTML via the (1) To and (2) From fields in openwebmail-main.pl, and possibly (3) other unspecified vectors related to "openwebmailerror calls that need to display HTML."

Published: Jun 27, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-3229
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
open_webmail / open_webmail	1.7	1.7.x
open_webmail / open_webmail	2.41	2.41.x
open_webmail / open_webmail	1.81	1.81.x
open_webmail / open_webmail	2.30	2.30.x
open_webmail / open_webmail	2.21	2.21.x
open_webmail / open_webmail	2.51	2.51.x
open_webmail / open_webmail	1.71	1.71.x
open_webmail / open_webmail	2.31	2.31.x
open_webmail / open_webmail	2.5	2.5.x
open_webmail / open_webmail	2.20	2.20.x
open_webmail / open_webmail	1.8	1.8.x
open_webmail / open_webmail	1.90	1.90.x
open_webmail / open_webmail	2.32	2.32.x
open_webmail / open_webmail	-	2.52.x

Vulnerability Database

289,697

CVE-2006-3229