CVE-2006-3233

Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in Open WebMail (OWM) 2.52, and other versions released before 06/18/2006, allows remote attackers to inject arbitrary web script or HTML via the from field. NOTE: some third party sources have mentioned the "to" and "from" fields, although CVE analysis shows that these are associated with the previous version, a different executable, and a different CVE.

Published: Jun 27, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-3233
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
open_webmail / open_webmail	1.7	1.7.x
open_webmail / open_webmail	2.41	2.41.x
open_webmail / open_webmail	1.81	1.81.x
open_webmail / open_webmail	2.30	2.30.x
open_webmail / open_webmail	2.21	2.21.x
open_webmail / open_webmail	2.51	2.51.x
open_webmail / open_webmail	1.71	1.71.x
open_webmail / open_webmail	2.31	2.31.x
open_webmail / open_webmail	2.5	2.5.x
open_webmail / open_webmail	2.20	2.20.x
open_webmail / open_webmail	1.8	1.8.x
open_webmail / open_webmail	1.90	1.90.x
open_webmail / open_webmail	2.32	2.32.x
open_webmail / open_webmail	-	2.52.x

Vulnerability Database

289,697

CVE-2006-3233