CVSS: 6.1EPSS: 0%CPEs: 14EXPL: 0CVE-2005-2724
https://notcve.org/view.php?id=CVE-2005-2724
29 Aug 2005 — Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer. • http://marc.info/?l=bugtraq&m=112490698219531&w=2 •
CVSS: 7.5EPSS: 3%CPEs: 9EXPL: 1CVE-2005-1308 – SqWebMail 3.x/4.0 - HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2005-1308
15 Apr 2005 — SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML. • https://www.exploit-db.com/exploits/25534 •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2004-2313
https://notcve.org/view.php?id=CVE-2004-2313
31 Dec 2004 — Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks. • http://www.securityfocus.com/archive/1/352317 •